CVE-2024-21545: The Proxmox VE File-Read Bug That Leads to Full Root Takeover
CVE-2024-21545 lets a low-privileged Proxmox VE user read any file on the host and escalate to root. Here is how it works and how to patch it.
If you run Proxmox VE and hand out scoped API tokens or limited user roles to teammates, scripts, or monitoring tools, CVE-2024-21545 deserves your attention. It is an authenticated arbitrary file read in the Proxmox VE API that a relatively low-privileged user can chain into a complete root takeover of the host. It carries a CVSS 3.1 score of 8.2 (High).
You can pull the canonical metadata for this issue any time from the CVE-2024-21545 entry on CVE Explore, which tracks the affected packages and scoring.
What the vulnerability actually is
Proxmox's API request handler, handle_api2_request, inspects the object returned by an endpoint for a special download (or data->download) sub-object. When that object is present, the server reads the local file it points at and streams it back to the caller. The intent is legitimate — some endpoints genuinely need to return files — but the handler trusted response values that an attacker could influence.
Security researchers found two endpoints where the object handed back to the handler could be manipulated:
- The QEMU guest-agent path. An attacker who controls a VM's guest agent (for example, by being root inside that guest) and who holds VM.Monitor on the VM can have the agent return a JSON object carrying a download directive; the host then opens the named file with root-level access and streams it back.
- The ACME metadata path. By manipulating a directory parameter, an attacker holding Sys.Audit can point the handler at attacker-controlled JSON containing a download directive.
Either way, the result is the same: read any file on the Proxmox host as root.
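The pattern described above, reduced to a runnable model. This is an added illustration written for this page, not Proxmox's Perl code: the endpoint names, the `download_allowed` opt-in flag and the exact shape of the `download` object are assumptions that mirror the behaviour described, and the "secret" file is a constructed stand-in for /etc/pve/priv/authkey.key. The vulnerable dispatcher honours `download` (or `data->download`) from any endpoint's result; the hardened one honours it only for endpoints that explicitly opt in, so attacker-influenced JSON from the guest-agent or ACME paths is returned as plain data.

```python
import json
import os
import tempfile

# Constructed stand-in for /etc/pve/priv/authkey.key (root-only on a real node).
_SECRET_DIR = tempfile.mkdtemp()
SECRET_PATH = os.path.join(_SECRET_DIR, "authkey.key")
with open(SECRET_PATH, "wb") as fh:
    fh.write(b"-----BEGIN RSA PRIVATE KEY-----\nconstructed-sample-key\n")

# Constructed stand-in for a file an endpoint legitimately serves.
_EXPORT_DIR = tempfile.mkdtemp()
EXPORT_PATH = os.path.join(_EXPORT_DIR, "vzdump-100.tar")
with open(EXPORT_PATH, "wb") as fh:
    fh.write(b"constructed backup archive")

# Hypothetical endpoint handlers; they only model where attacker data enters.
def agent_exec(agent_reply: str) -> dict:
    """Guest-agent path: the guest's JSON reply becomes the API result as-is."""
    return json.loads(agent_reply)

def acme_meta(directory_body: str) -> dict:
    """ACME path: JSON fetched from the caller-chosen directory becomes `data`."""
    return {"data": json.loads(directory_body)}

def backup_download(_unused: str) -> dict:
    """An endpoint that really needs the download mechanism; path chosen server-side."""
    return {"download": {"path": EXPORT_PATH, "content-type": "application/x-tar"}}

# `download_allowed` is an assumed per-endpoint opt-in; the vulnerable dispatcher ignores it.
ENDPOINTS = {
    "qemu/agent/exec": {"handler": agent_exec, "download_allowed": False},
    "cluster/acme/meta": {"handler": acme_meta, "download_allowed": False},
    "vzdump/download": {"handler": backup_download, "download_allowed": True},
}

def _find_download(res):
    """Look for `download` at the top level or under `data`, as the handler does."""
    if isinstance(res, dict):
        if "download" in res:
            return res["download"]
        data = res.get("data")
        if isinstance(data, dict) and "download" in data:
            return data["download"]
    return None

def _stream_file(spec) -> tuple:
    """Open the named path (string or {path, content-type}) with the daemon's privileges."""
    path = spec if isinstance(spec, str) else spec["path"]
    with open(path, "rb") as fh:
        return ("file", fh.read())

def dispatch_vulnerable(endpoint: str, arg: str) -> tuple:
    """Pre-fix behaviour: any result carrying `download` is streamed as a file."""
    res = ENDPOINTS[endpoint]["handler"](arg)
    spec = _find_download(res)
    if spec is not None:
        return _stream_file(spec)
    return ("json", res)

def dispatch_fixed(endpoint: str, arg: str) -> tuple:
    """Hardened: `download` is only acted on for endpoints that opted in."""
    info = ENDPOINTS[endpoint]
    res = info["handler"](arg)
    spec = _find_download(res)
    if spec is not None and info["download_allowed"]:
        return _stream_file(spec)
    return ("json", res)  # elsewhere the key is just data, never a file to open

# Constructed attacker-controlled inputs: a guest-agent reply and an ACME directory body.
ATTACKER_AGENT_REPLY = json.dumps({"download": {"path": SECRET_PATH, "content-type": "text/plain"}})
ATTACKER_ACME_BODY = json.dumps({"download": SECRET_PATH})

if __name__ == "__main__":
    kind, body = dispatch_vulnerable("qemu/agent/exec", ATTACKER_AGENT_REPLY)
    print("vulnerable, guest agent  :", kind, body[:32])
    kind, body = dispatch_vulnerable("cluster/acme/meta", ATTACKER_ACME_BODY)
    print("vulnerable, acme meta    :", kind, body[:32])
    kind, body = dispatch_fixed("qemu/agent/exec", ATTACKER_AGENT_REPLY)
    print("fixed, guest agent       :", kind)
    kind, body = dispatch_fixed("vzdump/download", "")
    print("fixed, legitimate endpoint:", kind, body)
```

The point the model makes is that the file read is a property of the dispatcher, not of any one endpoint: every endpoint whose result can carry attacker-shaped JSON becomes a file-read primitive until the dispatcher stops trusting that key by default.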
Why an arbitrary file read becomes game over
On a Proxmox node, a "read any file" primitive is not a minor information leak — it is a direct path to full control. An attacker can grab:
- /etc/pve/priv/authkey.key, the cluster's ticket-signing key. With it you can forge a valid root@pam session ticket and log in as the superuser.
- /etc/shadow, the local password hashes, for offline cracking.
- SSL/TLS private keys and any stored API tokens.
Once you can mint a root@pam ticket, you own the node, every VM and container on it, and — in a cluster — the shared configuration filesystem. That is why a bug that "only" reads files is rated High and treated as critical in practice.
Affected versions and the fix
The issue was demonstrated on Proxmox VE 8.2.2 and also affected Proxmox Mail Gateway 8. The relevant packages include pve-manager, libpve-http-server-perl, libpve-storage-perl, libpve-common-perl and pmg-api.
Proxmox shipped the fix on 23 September 2024 as part of the normal release cycle. The remediation is simply to update:
# Check your current versions
pveversion -v
# Pull the patched packages
apt update
apt full-upgrade
If you maintain a cluster, update and reboot one node at a time so quorum and HA are preserved.
Hardening beyond the patch
Patching closes this specific hole, but the underlying lesson is about least privilege. Treat Sys.Audit and VM.Monitor as sensitive, because this CVE showed they can be stepping stones rather than read-only conveniences.
- Audit who holds those roles. List your users, their tokens and the ACLs granted to each, and remove anything broader than it needs to be:
  pveum user list
  pveum user token list <userid>
  pveum acl list
  pveum role list
- Scope API tokens tightly and give each automation its own token with the narrowest role and path. Enable Privilege Separation on tokens so they cannot inherit the user's full permissions.
- Keep the web UI off the public internet. Put port 8006 behind a VPN or a reverse proxy with strong auth, so an attacker needs a foothold in your network before they can even reach the API.
- Patch promptly and predictably. Most Proxmox security fixes arrive quietly through apt full-upgrade. A monthly patch window catches the vast majority of issues like this one.
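The audit step above, as an added example rather than anything Proxmox ships: a script that joins the output of `pveum role list --output-format json` and `pveum acl list --output-format json` and flags every user or token whose role includes Sys.Audit or VM.Monitor, ranking grants at or near the root of the ACL tree as "broad". The JSON below is a constructed sample; the field names (roleid, privs, path, type, ugid, propagate) and the comma-separated `privs` string are assumptions about the JSON output format, so check them against a real node before relying on the parser.

```python
import json

# Constructed sample standing in for `pveum role list --output-format json`.
ROLES_JSON = """[
  {"roleid": "Administrator", "privs": "Sys.Audit,Sys.Modify,VM.Monitor,VM.Allocate", "special": 1},
  {"roleid": "PVEAuditor", "privs": "Datastore.Audit,Pool.Audit,Sys.Audit,VM.Audit", "special": 1},
  {"roleid": "Monitoring", "privs": "VM.Audit,VM.Monitor", "special": 0},
  {"roleid": "BackupOnly", "privs": "VM.Backup,Datastore.AllocateSpace", "special": 0}
]"""

# Constructed sample standing in for `pveum acl list --output-format json`.
# ugid is "user@realm" for users and "user@realm!tokenid" for API tokens.
ACL_JSON = """[
  {"path": "/", "roleid": "PVEAuditor", "type": "token", "ugid": "monitor@pve!zabbix", "propagate": 1},
  {"path": "/vms", "roleid": "Monitoring", "type": "user", "ugid": "metrics@pve", "propagate": 1},
  {"path": "/vms/100", "roleid": "Monitoring", "type": "user", "ugid": "dev@pve", "propagate": 0},
  {"path": "/storage/backup", "roleid": "BackupOnly", "type": "token", "ugid": "backup@pve!nightly", "propagate": 1}
]"""

# The two privileges this CVE turned into stepping stones.
SENSITIVE_PRIVS = {"Sys.Audit", "VM.Monitor"}

def parse_roles(text: str) -> dict:
    """Map roleid -> set of privileges; accepts a comma-separated string or a list."""
    roles = {}
    for entry in json.loads(text):
        privs = entry.get("privs") or ""
        if isinstance(privs, str):
            privs = [p for p in privs.split(",") if p]
        roles[entry["roleid"]] = set(privs)
    return roles

def find_sensitive_acls(roles_text: str, acl_text: str) -> list:
    """Return one finding per ACL whose role carries a sensitive privilege.

    A grant is 'broad' when it sits at / or one level below (e.g. /vms) and
    propagates, because it then covers every object underneath it.
    """
    roles = parse_roles(roles_text)
    findings = []
    for acl in json.loads(acl_text):
        hits = sorted(roles.get(acl["roleid"], set()) & SENSITIVE_PRIVS)
        if not hits:
            continue
        depth = len([seg for seg in acl["path"].split("/") if seg])
        broad = depth <= 1 and bool(acl.get("propagate", 1))
        findings.append({
            "ugid": acl["ugid"],
            "path": acl["path"],
            "roleid": acl["roleid"],
            "privs": hits,
            "broad": broad,
            "is_token": acl["type"] == "token",
        })
    # Broad grants first, then by path and principal, so the worst cases top the report.
    return sorted(findings, key=lambda f: (not f["broad"], f["path"], f["ugid"]))

def format_report(findings: list) -> str:
    """Render findings as one line each, suitable for a ticket or a cron mail."""
    lines = []
    for f in findings:
        kind = "token" if f["is_token"] else "user"
        flag = "BROAD" if f["broad"] else "scoped"
        lines.append(f"{flag:6} {kind:5} {f['ugid']:24} {f['path']:16} {f['roleid']:12} {','.join(f['privs'])}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(format_report(find_sensitive_acls(ROLES_JSON, ACL_JSON)))
```

On a real node, dump the two lists with `pveum role list --output-format json > roles.json` and `pveum acl list --output-format json > acl.json` and feed their contents to find_sensitive_acls. Every line marked BROAD is a principal that, before the patch, was one API quirk away from reading the ticket-signing key across the whole node.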
Keeping track of new Proxmox advisories
Proxmox doesn't run a flashy CVE marketing page, so vulnerabilities like this tend to surface through researcher write-ups and vulnerability databases. We track new Proxmox and Debian advisories against CVE Explore, a fast CVE intelligence database, so we can flag anything that affects a typical homelab or small-cluster deployment before it bites.
The takeaway for CVE-2024-21545 is simple: update to the post-September-2024 packages, then tighten who holds Sys.Audit and VM.Monitor. A monitoring token should never be one API quirk away from root@pam.