CVE-2024-25621 — Incorrect Execution-Assigned Permissions in Containerd
Severity: 7.8 HIGH (NVD), 7.3 (CNA)
EPSS: 0.0% (top 99.81%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 6
Latest update: Jan 29
Description
containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths `/var/lib/containerd`, `/run/containerd/io.containerd.grpc.v1.cri` and `/run/containerd/io.containerd.sandbox.controller.v1.shim` were all created with incorrect permissions. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. Workarounds include …
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9
Affected Packages: 6 packages
Vulnerability Details
OSV: containerd affected by a local privilege escalation via wide permissions on CRI directory in github.com/containerd/containerd (2025-11-17)
GHSA: containerd affected by a local privilege escalation via wide permissions on CRI directory (2025-11-06)
CVEList: containerd affected by a local privilege escalation via wide permissions on CRI directory (2025-11-06)