CVE-2025-0750 — Path Traversal in Cri-o Cri-o

CWE-22 — Path Traversal6 documents5 sources

Severity

6.6MEDIUMNVD

EPSS

0.1%

top 83.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Cri-o Cri-o

Timeline

PublishedJan 28

Latest updateJan 29

Description

A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by unmounting critical system directories.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:HExploitability: 1.8 | Impact: 4.7

Affected Packages1 packages

▶Gogithub.com/cri-o_cri-o1.33.0

🔴Vulnerability Details

OSV

CRI-O Path Traversal vulnerability in github.com/cri-o/cri-o↗2025-01-29

▶

CVEList

Cri-o: cri-o path traversal in log handling functions allows arbitrary unmounting↗2025-01-28

▶

GHSA

CRI-O Path Traversal vulnerability↗2025-01-28

▶

OSV

CRI-O Path Traversal vulnerability↗2025-01-28

▶

📋Vendor Advisories

Red Hat

cri-o: CRI-O Path Traversal in Log Handling Functions Allows Arbitrary Unmounting↗2025-01-22

▶