PT-2025-45403 · Unknown+6 · Kubernetes Containerd+5

Wheat2018 · Published 2025-11-06 · Updated 2026-03-10 · CVE-2025-64329

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

containerd versions 1.7.28 and below
containerd versions 2.0.0-beta.0 through 2.0.6
containerd versions 2.1.0-beta.0 through 2.1.4
containerd versions 2.2.0-beta.0 through 2.2.0-rc.1

Description

containerd, an open-source container runtime, is affected by a bug in the CRI Attach implementation. The bug leaks goroutines, which can lead to memory exhaustion on the host system. Multiple versions of containerd are affected. As a workaround, an admission controller can be used to control access to pods/attach resources.

Recommendations

Update to containerd version 1.7.29 or later.
Update to containerd version 2.0.7 or later.
Update to containerd version 2.1.5 or later.
Update to containerd version 2.2.0 or later.
Set up an admission controller to control access to pods/attach resources.
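
One way to apply the admission-controller workaround is sketched below as an added example; it is not taken from the advisory or from the containerd project. It uses the built-in Kubernetes ValidatingAdmissionPolicy API and assumes a cluster where admissionregistration.k8s.io/v1 policies are available; the policy names and the attach-operators group are hypothetical.

```yaml
# Added example (not from the advisory): deny CONNECT requests to the
# pods/attach subresource unless the caller is in an allow-listed group.
# The names and the "attach-operators" group are hypothetical.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
  name: restrict-pod-attach
spec:
  # Fail closed: if the policy cannot be evaluated, the request is rejected.
  failurePolicy: Fail
  matchConstraints:
    resourceRules:
      - apiGroups: [""]
        apiVersions: ["v1"]
        # Attach sessions reach admission as CONNECT on the subresource.
        operations: ["CONNECT"]
        resources: ["pods/attach"]
  validations:
    - expression: "request.userInfo.groups.exists(g, g == 'attach-operators')"
      message: "pods/attach is restricted to the attach-operators group (CVE-2025-64329 workaround)"
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicyBinding
metadata:
  name: restrict-pod-attach-binding
spec:
  policyName: restrict-pod-attach
  # Deny blocks the request; Audit also records the violation in the
  # API server audit log so blocked attach attempts can be reviewed.
  validationActions: ["Deny", "Audit"]
  # No matchResources: the binding applies in every namespace.
```

The policy only limits who can open attach sessions; nodes stay affected until containerd is updated to one of the fixed versions listed above.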

Exploit · Fix · DoS · Memory Leak

Weakness Enumeration

Related Identifiers

AZL-69739
AZL-69745
AZL-69973
AZL-69976
BDU:2025-16113
CLEANSTART-2026-EJ58111
CLEANSTART-2026-LL43287
CLEANSTART-2026-OH86281
CVE-2025-64329
DSA-6067-1
ECHO-0C6F-8210-73E6
GHSA-M6HQ-P25P-FFR2
GO-2025-4108
MGASA-2026-0030
OESA-2025-2752
OESA-2025-2753
OESA-2025-2754
OESA-2025-2755
OESA-2025-2756
OPENSUSE-SU-2025:15726-1
SUSE-SU-2025:21042-1
SUSE-SU-2025:21057-1
SUSE-SU-2025:4072-1
SUSE-SU-2025:4288-1
USN-7983-1

Affected Products

Debian
Kubernetes Containerd
Linuxmint
Red Os
Suse
Ubuntu