CVE-2025-47290

High CVSS: 7.6

containerd is a container runtime. A time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. The only affected version of containerd is 2.1.0. Other versions of containerd are not affected. This bug has been fixed in containerd 2.1.1. Users should update to this version to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.

Vendor

Linuxfoundation

Product

Containerd

CWE

CWE-367

Yayın Tarihi

2025-05-20 19:15:50

Güncelleme

2025-09-19 17:28:20

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-367 Containerd HIGH Linuxfoundation 2025

Referanslar

https://github.com/containerd/containerd/commit/cada13298fba85493badb6fecb6ccf80e49673cc https://github.com/containerd/containerd/releases/tag/v2.1.1 https://github.com/containerd/containerd/security/advisories/GHSA-cm76-qm8v-3j95

Benzer Kayıtlar

Critical

CVE-2026-33701

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. I…

Medium

CVE-2026-33015

EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after CSMS performs a RemoteStop…

High

CVE-2026-33009

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB (potential memo…

Medium

CVE-2026-33014

EVerest is an EV charging software stack. Prior to version 2026.02.0, during RemoteStop processing, a delayed authorizat…

Medium

CVE-2026-27815

EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_session_setup cop…

Medium

CVE-2026-27816

EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_update_energy_tra…