OESA-2025-1787
Cloud-init is the de facto multi-distribution package that handles early initialization of a cloud instance.

Security Fix(es):

- cloud-init is an industry-standard multi-distribution method for cross-platform cloud instance initialization by Canonical. There is a security vulnerability in cloud-init 25.1.2 and previous versions. The vulnerability originates from the default SocketMode permission of cloud-init-hotplugd.socket being 0666, which may allow unauthorized users to trigger commands. (CVE-2024-11584)
- cloud-init is an industry-standard multi-distribution method for cross-platform cloud instance initialization by Canonical. There is a security vulnerability in cloud-init, which originates from granting root access to hardcoded URLs during detection on non-x86 platforms. (CVE-2024-6174)
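A check for the CVE-2024-11584 condition described above, as an added example that is not part of the advisory or of cloud-init: it reads systemd unit text (for instance the output of `systemctl cat cloud-init-hotplugd.socket`) and reports whether the effective `SocketMode=` leaves the socket world-writable. The function names, the sample unit text and the `0600` drop-in value are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the effective SocketMode= of a systemd socket unit.
# Live use: systemctl cat cloud-init-hotplugd.socket | check_socket_mode

# Print the effective SocketMode= from unit text on stdin. Unit file and
# drop-ins arrive in load order, so the last assignment in [Socket] wins;
# systemd's documented default when the key is absent is 0666.
effective_socket_mode() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { in_socket = ($0 ~ /^[ \t]*\[Socket\][ \t]*$/); next }
        in_socket && /^[ \t]*SocketMode[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            mode = val
        }
        END { print (mode == "" ? "0666" : mode) }
    '
}

# Return 0 if "other" has write permission, 1 if not, 2 if not octal.
socket_is_world_writable() {
    case $1 in
        ''|*[!0-7]*) return 2 ;;
    esac
    last=${1#"${1%?}"}          # final octal digit = permissions for "other"
    [ $(( last & 2 )) -ne 0 ]
}

# Read unit text on stdin and print a verdict; status 1 means exposed.
check_socket_mode() {
    mode=$(effective_socket_mode)
    rc=0; socket_is_world_writable "$mode" || rc=$?
    case $rc in
        0) echo "FAIL SocketMode=$mode (world-writable)"; return 1 ;;
        1) echo "OK SocketMode=$mode"; return 0 ;;
        *) echo "UNKNOWN SocketMode=$mode" >&2; return 2 ;;
    esac
}

# Constructed sample: a unit with the weak mode, optionally plus a drop-in.
constructed_unit() {
    printf '%s\n' '# /constructed/example.socket' '[Socket]' 'SocketMode=0666'
    [ "${1:-}" = with-dropin ] && printf '%s\n' '# /constructed/override.conf' '[Socket]' 'SocketMode=0600'
    return 0
}

constructed_unit | check_socket_mode || true
constructed_unit with-dropin | check_socket_mode
```

A unit with no `SocketMode=` line at all is reported as `0666`, because that is the value systemd applies when the setting is absent.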
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| openEuler:24.03-LTS-SP1 | cloud-init | 0, 0 |
Timeline
- Jul 11, 2025 CVE Published
- Sep 3, 2025 CVE Updated
- May 2, 2026 Security Advisory