Path Traversal Vulnerability in CRI-O Affects Node-Level Operations
CVE-2025-0750

6.6MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Openshift Container Platform 4
Vendor: CVE Published:; 28 January 2025

Summary

A significant vulnerability exists in the CRI-O log management functionalities, specifically within the UnMountPodLogs and LinkContainerLogs methods. This flaw allows a malicious actor, possessing the necessary permissions to create and delete Pods, to exploit path traversal techniques. By doing so, they may unmount arbitrary host paths, potentially compromising node stability and availability. Such actions could culminate in a denial of service at the node level, impacting the integrity and performance of critical system directories.

References

https://access.redhat.com/security/cve/CVE-2025-0750

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2339405

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 28, 2025
Vulnerability Reserved
Jan 27, 2025

Credit

Red Hat would like to thank Dongha Kim for reporting this issue.