216.73.216.215

CVE-2025-47290

· Published 20/05/2025 19:15 · Modified 21/05/2025 20:24

Labels: CVE-2025-47290 2025-05-20CVE-2025-47290CWE-367[email protected]

Essential information

Published
20/05/2025 19:15
Modified
21/05/2025 20:24
Author
Creator
CVSS
7.6 HIGH (v3) 7.6 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

containerd is a container runtime. A time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. The only affected version of containerd is 2.1.0. Other versions of containerd are not affected. This bug has been fixed in containerd 2.1.1. Users should update to this version to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
containerd / containerd cpe:2.3:a:containerd:containerd:2.1.0:*:*:*:*:*:*:*
containerd / containerd cpe:2.3:a:containerd:containerd:2.1.1:*:*:*:*:*:*:*

References