Language:

Information about definition

Identificator: INFSA-2025:10844

Type: security

Release date: 2025-07-25 10:44:32 UTC

Information about package

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts.

Vulnerabilities description

CVE-2024-6174
An access permissions flaw was found in cloud-init. When a non-x86 platform is detected, cloud-init grants root access to a hardcoded URL with a local IP address, which creates a security exposure.

Severity level

CVE	Score CVSS 2.0	Score CVSS 3.x	Score CVSS 4.0
NIST — CVE-2024-6174	no information	8.8	no information

Critical, important, moderate, low

Updated packages

INFSA-2025:10844: cloud-init security update

Information about definition