CVE-2025-47290

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-47290

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-47290.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-47290

Aliases

Related

Published

2025-05-20T19:15:50Z

Modified

2025-05-28T10:07:13.071708Z

Summary

[none]

Details

containerd is a container runtime. A time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. The only affected version of containerd is 2.1.0. Other versions of containerd are not affected. This bug has been fixed in containerd 2.1.1. Users should update to this version to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.

References

Affected packages

Git / github.com/containerd/containerd

Affected ranges

Type: GIT
Repo: https://github.com/containerd/containerd
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

cada13298fba85493badb6fecb6ccf80e49673cc

Fixed

cb1076646aa3740577fafbf3d914198b7fe8e3f7

Affected versions

0.*

0.0.2

0.0.3

0.0.4

0.0.5

api/v1.*

api/v1.6.0-beta.1

api/v1.6.0-beta.2

api/v1.6.0-beta.3

api/v1.8.0

api/v1.8.0-rc.0

api/v1.8.0-rc.1

api/v1.8.0-rc.2

api/v1.8.0-rc.3

api/v1.8.0-rc.4

api/v1.9.0

api/v1.9.0-rc.0

v0.*

v0.1.0

v0.2.0

v0.2.3

v1.*

v1.0.0

v1.0.0-alpha0

v1.0.0-alpha1

v1.0.0-alpha2

v1.0.0-alpha3

v1.0.0-alpha4

v1.0.0-alpha5

v1.0.0-alpha6

v1.0.0-beta.0

v1.0.0-beta.1

v1.0.0-beta.2

v1.0.0-beta.3

v1.0.0-rc.0

v1.1.0

v1.1.0-rc.0

v1.1.0-rc.1

v1.1.0-rc.2

v1.2.0

v1.2.0-beta.0

v1.2.0-beta.1

v1.2.0-beta.2

v1.2.0-rc.0

v1.2.0-rc.1

v1.2.0-rc.2

v1.3.0

v1.3.0-beta.0

v1.3.0-beta.1

v1.3.0-beta.2

v1.3.0-rc.0

v1.3.0-rc.1

v1.3.0-rc.2

v1.3.0-rc.3

v1.4.0

v1.4.0-beta.0

v1.4.0-beta.1

v1.4.0-beta.2

v1.4.0-rc.0

v1.4.0-rc.1

v1.5.0

v1.5.0-beta.0

v1.5.0-beta.1

v1.5.0-beta.2

v1.5.0-beta.3

v1.5.0-beta.4

v1.5.0-rc.0

v1.5.0-rc.1

v1.5.0-rc.2

v1.5.0-rc.3

v1.6.0

v1.6.0-beta.0

v1.6.0-beta.1

v1.6.0-beta.2

v1.6.0-beta.3

v1.6.0-beta.4

v1.6.0-beta.5

v1.6.0-rc.0

v1.6.0-rc.1

v1.6.0-rc.2

v1.6.0-rc.3

v1.6.0-rc.4

v1.7.0

v1.7.0-beta.0

v1.7.0-beta.1

v1.7.0-beta.2

v1.7.0-beta.3

v1.7.0-beta.4

v1.7.0-rc.0

v1.7.0-rc.1

v1.7.0-rc.2

v1.7.0-rc.3

v2.*

v2.0.0

v2.0.0-beta.0

v2.0.0-beta.1

v2.0.0-beta.2

v2.0.0-rc.0

v2.0.0-rc.1

v2.0.0-rc.2

v2.0.0-rc.3

v2.0.0-rc.4

v2.0.0-rc.5

v2.0.0-rc.6

v2.1.0

v2.1.0-beta.0

v2.1.0-beta.1

v2.1.0-rc.0

v2.1.0-rc.1