NVD HIGH: CVE-2025-66467 — Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows use...

Friday, May 8, 2026 at 01:16 PM UTC·Source: NIST NVD

Updated: Thursday, May 14, 2026 at 05:00 AM UTC

Executive Summary

Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, the previous owners can gain unauthorized read and write access to it by using the previously generated access and secret keys. Users are recommended to upgrade to Apache CloudStack versions 4.20.3.0 or

Analysis

Indicators of Compromise (3)

CVE (1)

CVE-2025-66467

NVD MITRE CVE

IPv4 (2)

4.20.3.0

VirusTotal Shodan AbuseIPDB

4.22.0.1

VirusTotal Shodan AbuseIPDB

Source Attribution

Originally published by NIST NVD on May 8, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerability

Fragnesia Local Privilege Escalation report via ESP-in-TCP in the Linux Kernel

Bulletin ID: 2026-029-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 05/13/2026 18:45 PM PDT This is an ongoing issue. Information is subject to change. Please refer to our Security Bulletin (ID: 2026-030-AWS) for the most updated patching information. Description: Amazon is aware of CVE-20

CVE-2026-46300CVE-2026-43284

3h agoAWS Security Bulletins

LOWVulnerability

Ongoing updates on Copy.fail and variants

Bulletin ID: 2026-030-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 05/13/2026 10:00 PM PDT This is an ongoing issue. This bulletin will be updated as more information becomes available. Description: AWS is aware of the copy.fail or DirtyFrag class of issues - a set of privilege escalation

3h agoAWS Security Bulletins

MEDIUMVulnerability

Bunq applies for Mexican banking license

Bunq, the European neobank for "global citizens", has applied for a Mexican banking license.

5h agoFinextra