What is CVE-2025-69233?

CVE-2025-69233 is a medium-severity vulnerability in Apache Cloudstack, classified under Time-of-check Time-of-use (TOCTOU) Race Condition. CVSS score: 6.5/10. Published 2026-05-08.

How severe is CVE-2025-69233?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Resource exhaustion in Apache Cloudstack

CVE-2025-69233

Due to multiple time-of-check time-of-use race conditions in the resource count check and increment logic, as well as missing validations, users of the platform are able to exceed the allocation limits configured for their accounts/domains…

Vulnerability class: TOCTOU (Time-of-Check to Time-of-Use)

EPSS: 0.000 (7.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Affected products

Apache Cloudstack
Apache Software Foundation Cloudstack — versions 4.0.0, 4.21.0.0

Weakness classification (CWE)

References

security@apache.org (vendor-advisory, Mailing List, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108

Frequently asked questions

What is CVE-2025-69233?: CVE-2025-69233 is a medium-severity vulnerability in Apache Cloudstack, classified under Time-of-check Time-of-use (TOCTOU) Race Condition. CVSS score: 6.5/10. Published 2026-05-08.
How severe is CVE-2025-69233?: Medium severity. CVSS v3 base score is 6.5 out of 10.