VDB

CISA-2025-64329

CISA-2025-64329 PUBLISHED CVSS 6.9 MEDIUM

Reported by GitHub_M · Published November 7, 2025

containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. To workaround this vulnerability, users can set up an admission controller to control accesses to pods/attach resources.

Risk Scores

CVSS 4.0
6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
containerdcontainerd< 1.7.29, < 2.0.7, >= 2.1.0-beta.0, < 2.1.5
containerdcontainerd< 1.7.29, < 2.0.7, >= 2.1.0-beta.0, < 2.1.5

Timeline

  • Nov 7, 2025 CVE Published
  • Nov 7, 2025 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›