CVE-2025-47290

Sažetak

containerd is a container runtime. A time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. The only affected version of containerd is 2.1.0. Other versions of containerd are not affected. This bug has been fixed in containerd 2.1.1. Users should update to this version to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.

Reference

https://github.com/containerd/containerd/commit/cada13298fba85493badb6fecb6ccf80e49673cc
https://github.com/containerd/containerd/releases/tag/v2.1.1
https://github.com/containerd/containerd/security/advisories/GHSA-cm76-qm8v-3j95

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

21-05-2025 - 20:24

Objavljeno

20-05-2025 - 19:15