Canonical Cloud-Init Root Access Vulnerability on Non-X86 Platforms

Vulnerability

A vulnerability has been identified in Canonical Cloud-Init: root access is granted based on a hardcoded URL pointing to a local IP address, but only when a non-x86 platform is detected. The issue arises because Cloud-Init attempts to identify the platform, a step that is not needed in non-x86 environments. To mitigate this vulnerability, Cloud-Init's default configuration disables platform enumeration.

Impact

Successful exploitation of this vulnerability grants unauthorized root access on non-x86 platforms.

Remediation

Users can upgrade to Cloud-Init version 25.1.3, which addresses this vulnerability by no longer attempting to identify OpenStack instances on non-x86 platforms.

Added: Jun 26, 2025, 10:21 AM
Updated: Jun 26, 2025, 10:21 AM

Vulnerability Rating

Custom Algorithm

  Category        Score
  spread          6.6
  impact          2.5
  exploitability  3.3
  remediation     7.7
  relevance       0.2
  threat          0.0
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.