PT-2025-45348 · Unknown+6 · Kubernetes Containerd+5

Published: 2025-10-29 · Updated: 2026-05-08

CVE-2024-25621

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

containerd versions 0.1.0 through 1.7.28
containerd versions 2.0.0-beta.0 through 2.0.6
containerd versions 2.1.0-beta.0 through 2.1.4
containerd versions 2.2.0-beta.0 through 2.2.0-rc.1

Description

containerd, an open-source container runtime, has an overly broad default permission issue. Specific directory paths, including /var/lib/containerd, /run/containerd/io.containerd.grpc.v1.cri, and /run/containerd/io.containerd.sandbox.controller.v1.shim, were created with incorrect permissions.

Recommendations

containerd versions 0.1.0 through 1.7.28: Update to version 1.7.29 or later.
containerd versions 2.0.0-beta.0 through 2.0.6: Update to version 2.0.7 or later.
containerd versions 2.1.0-beta.0 through 2.1.4: Update to version 2.1.5 or later.
containerd versions 2.2.0-beta.0 through 2.2.0-rc.1: Update to version 2.2.0 or later.

As a workaround, a system administrator can manually adjust the directory permissions to restrict group and world access.
As a workaround, run containerd in rootless mode.
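
The following audit script is an added example, not code from the containerd project or from this advisory. It checks the three directories named in the description for any group or world permission bits; the function names and the optional root-prefix argument (used to point the check at a test tree) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the directories named in this advisory for group or
# world permission bits. Names below are illustrative, not containerd's own.

CONTAINERD_DIRS="/var/lib/containerd
/run/containerd/io.containerd.grpc.v1.cri
/run/containerd/io.containerd.sandbox.controller.v1.shim"

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
dir_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed if the octal mode grants any access to group or others.
has_group_world_access() {
    low=$(( 0$1 & 077 ))   # leading 0 makes the shell read the mode as octal
    [ "$low" -ne 0 ]
}

# audit_containerd_dirs [ROOT]
# ROOT is an optional prefix (hypothetical, for testing against a copy of
# the tree). Prints one status line per directory and fails if any
# existing directory is accessible to group or world.
audit_containerd_dirs() {
    root=${1:-}
    loose=0
    for d in $CONTAINERD_DIRS; do
        target="$root$d"
        if [ ! -d "$target" ]; then
            # Not every path exists on every host (depends on plugins in use).
            echo "MISSING $target"
            continue
        fi
        mode=$(dir_mode "$target")
        if has_group_world_access "$mode"; then
            echo "LOOSE $mode $target"
            loose=1
        else
            echo "OK $mode $target"
        fi
    done
    [ "$loose" -eq 0 ]
}

# Usage on a host (as root): audit_containerd_dirs || echo "fix permissions"
```

A directory reported as LOOSE can be tightened with `chmod go-rwx`, which is the manual workaround listed above; upgrading to a fixed version remains the primary recommendation.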

Exploit

Fix

LPE

Related Identifiers

AZL-69734
AZL-69808
AZL-69812
AZL-69815
BDU:2026-02731
CLEANSTART-2026-EJ58111
CLEANSTART-2026-LL43287
CLEANSTART-2026-OH86281
CVE-2024-25621
DSA-6067-1
ECHO-A8E9-4006-CBAF
GHSA-PWHC-RPQ9-4C8W
GO-2025-4100
MGASA-2026-0030
OESA-2025-2752
OESA-2025-2753
OESA-2025-2754
OESA-2025-2755
OESA-2025-2756
OPENSUSE-SU-2025:15726-1
SUSE-SU-2025:21042-1
SUSE-SU-2025:21057-1
SUSE-SU-2025:4072-1
SUSE-SU-2025:4288-1
SUSE-SU-2025_4072-1
SUSE-SU-2025_4288-1
USN-7983-1

Affected Products

Debian
Kubernetes Containerd
Linux Mint
RED OS
SUSE
Ubuntu