CVE-2026-25199 -- CVSS 9.1 Vulnerability Briefing
CVE-2026-25199 | CVSS 9.1 (Critical) | Exploit: No known exploit
What Is It
CVE-2026-25199 is a tenant isolation bypass vulnerability in Apache CloudStack affecting deployments that use the Proxmox extension, allowing unauthorized cross-tenant access to virtual machine instances.
Technical Detail
The flaw exists in the Proxmox integration component of Apache CloudStack versions 4.21.0.0 through 4.22.0.0, where insufficient access controls fail to enforce tenant boundaries for instances provisioned via the Proxmox extension. An attacker operating as a legitimate tenant can access, and potentially interact with, virtual machine instances belonging to other tenants without authorization. The impact constitutes a privilege escalation and unauthorized data access scenario in multi-tenant cloud environments, with potential for lateral movement across tenant workloads depending on what is exposed at the instance level.
Exploitation Status
No known exploit code has been identified at this time, and this vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities catalog. The exploit maturity is assessed as no known exploit, meaning no public proof-of-concept or weaponized tooling has been confirmed as of this writing. However, the high CVSS score of 9.1 and the straightforward nature of tenant isolation bypasses in shared infrastructure environments warrant treating this as a priority patching target regardless of current exploit availability.
Who Is Targeting This
There is no specific threat actor attribution at this time. No campaigns, threat groups, or targeted sectors have been associated with this vulnerability in available intelligence. Cloud infrastructure vulnerabilities of this class are historically of interest to financially motivated actors and espionage groups targeting multi-tenant environments, but no confirmed activity has been observed against this specific CVE.
What To Do
Organizations running Apache CloudStack with the Proxmox extension should upgrade to a patched release (later than version 4.22.0.0) as soon as the Apache CloudStack project publishes one. In the interim, administrators should assess whether the Proxmox extension can be disabled or restricted to reduce exposure in affected deployments. Audit logs should be reviewed for anomalous cross-tenant API calls or unexpected instance access patterns that could indicate prior exploitation. Given the critical CVSS rating and the multi-tenant impact scope, this patch should be treated as high priority even in the absence of confirmed active exploitation.
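The audit-log review above can be mechanized by checking each instance-targeting API call against the tenant boundary that should have held. The following is an added example, not code from the briefing or the Apache CloudStack project; the event fields, the role names and the instance inventory are simplified assumptions (constructed sample data), and the boundary rule (users reach only their own account's instances, domain admins their domain and its subdomains, root admins everything) is the expected model, which real exports and role configurations may refine.

```python
# Added example (not from the briefing or the CloudStack project): flag API
# calls that reach instances outside the caller's tenant scope. Event and
# inventory shapes are simplified assumptions, not a real CloudStack export.
from dataclasses import dataclass

@dataclass(frozen=True)
class ApiEvent:
    caller_account: str   # account issuing the API call
    caller_domain: str    # caller's domain path, e.g. "/ROOT/acme"
    caller_role: str      # "user", "domain-admin" or "root-admin"
    command: str          # API command name, e.g. "startVirtualMachine"
    instance_id: str      # instance targeted by the call

# Constructed inventory: instance id -> (owning account, owning domain path).
INVENTORY = {
    "vm-1001": ("alice", "/ROOT/acme"),
    "vm-2001": ("bob", "/ROOT/globex"),
    "vm-2002": ("carol", "/ROOT/globex/eu"),
}

def is_authorized(ev: ApiEvent, owner_account: str, owner_domain: str) -> bool:
    """Expected tenant boundary: users reach only their own instances, domain
    admins their domain and its subdomains, root admins everything."""
    if ev.caller_role == "root-admin":
        return True
    if ev.caller_role == "domain-admin":
        return (owner_domain == ev.caller_domain
                or owner_domain.startswith(ev.caller_domain + "/"))
    return (ev.caller_account, ev.caller_domain) == (owner_account, owner_domain)

def find_cross_tenant_access(events, inventory=INVENTORY):
    """Return events that cross the boundary. Calls naming an instance id the
    inventory does not know are reported too; they deserve a look as well."""
    return [ev for ev in events
            if (owner := inventory.get(ev.instance_id)) is None
            or not is_authorized(ev, *owner)]

# Constructed sample events: the second and fourth cross a tenant boundary.
SAMPLE_EVENTS = [
    ApiEvent("alice", "/ROOT/acme", "user", "startVirtualMachine", "vm-1001"),
    ApiEvent("alice", "/ROOT/acme", "user", "getVMPassword", "vm-2001"),
    ApiEvent("gadmin", "/ROOT/globex", "domain-admin", "stopVirtualMachine", "vm-2002"),
    ApiEvent("gadmin", "/ROOT/globex", "domain-admin", "stopVirtualMachine", "vm-1001"),
    ApiEvent("admin", "/ROOT", "root-admin", "listVirtualMachines", "vm-1001"),
]

if __name__ == "__main__":
    for ev in find_cross_tenant_access(SAMPLE_EVENTS):
        print(f"CROSS-TENANT {ev.command} by {ev.caller_account}@{ev.caller_domain} -> {ev.instance_id}")
```

Every hit is a call that the tenant model says should have been refused; on an affected 4.21.0.0 to 4.22.0.0 deployment with the Proxmox extension, hits against Proxmox-provisioned instances are the ones to investigate first.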