CVE-2024-25621

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-25621

7.3 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

c

ontainerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths `/var/lib/containerd`, `/run/containerd/io.containerd.grpc.v1.cri` and `/run/containerd/io.containerd.sandbox.controller.v1.shim` were all created with incorrect permissions. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. Workarounds include updating system administrator permissions so the host can manually chmod the directories to not have group or world accessible permissions, or to run containerd in rootless mode.

References
Link Resource
https://github.com/containerd/containerd/blob/main/docs/rootless.md Product
https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5 Patch
https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:containerd:2.2.0:beta0:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:containerd:2.2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:containerd:2.2.0:beta2:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:containerd:2.2.0:rc0:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:containerd:2.2.0:rc1:*:*:*:*:*:*
History

31 Dec 2025, 02:29

Type Values Removed Values Added
CPE cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:containerd:2.2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:containerd:2.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:containerd:2.2.0:beta0:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:containerd:2.2.0:rc0:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:containerd:2.2.0:beta2:*:*:*:*:*:*
References () https://github.com/containerd/containerd/blob/main/docs/rootless.md - () https://github.com/containerd/containerd/blob/main/docs/rootless.md - Product
References () https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5 - () https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5 - Patch
References () https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w - () https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w - Patch, Vendor Advisory
First Time Linuxfoundation containerd
Linuxfoundation

06 Nov 2025, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-11-06 19:15

Updated : 2025-12-31 02:29

NVD link : CVE-2024-25621

Mitre link : CVE-2024-25621

CVE.ORG link : CVE-2024-25621

JSON object : View

Products Affected

linuxfoundation

CWE
CWE-279

Incorrect Execution-Assigned Permissions