VDB
CISA-2025-64329
CISA-2025-64329
PUBLISHED
CVSS 6.9 MEDIUM
Reported by GitHub_M · Published November 7, 2025
containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. To workaround this vulnerability, users can set up an admission controller to control accesses to pods/attach resources.
Risk Scores
CVSS 4.0
6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| containerd | containerd | < 1.7.29, < 2.0.7, >= 2.1.0-beta.0, < 2.1.5 |
| containerd | containerd | < 1.7.29, < 2.0.7, >= 2.1.0-beta.0, < 2.1.5 |
Timeline
- Nov 7, 2025 CVE Published
- Nov 7, 2025 CVE Updated