CVE-2024-13058 MEDIUM

CVE-2024-13058: Authenticated, non-admin users can create storage pools via the sifi API

Vendor Softiron
Product HyperCloud
Weakness CWE-269
Published December 30, 2024
Last update August 29, 2025

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L/S:N/AU:Y/R:U/V:D/RE:M/U:Green

What the vulnerability does

01Description

An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem. This issue only impacts SoftIron HyperCloud and related software products (such as VM Squared) software versions 2.3.0 to before 2.5.0.

Key dates

02Disclosure timeline

December 30, 2024 CVE published
August 29, 2025 Record updated