Authorization Flaw in Quay Leads to Excessive Permissions
CVE-2025-4374

6.5MEDIUM

Key Information:

Vendor: Project Quay
Status: Quay; Red Hat Quay 3
Vendor: CVE Published:; 6 May 2025

🔔 Create Project Quay Vulnerability Alert

What is CVE-2025-4374?

A security issue exists in Quay where an organization acting as a proxy cache for container images can inadvertently grant 'Admin' permissions to users or robots that pull images not previously mirrored. This flaw can lead to unauthorized access to new repository configurations, posing a significant risk to data security and integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

quay 0 < 3.11.11

quay 2.14.0 < 3.14.2

quay 3.12.0 < 3.12.10

References

https://access.redhat.com/security/cve/CVE-2025-4374

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2364267

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 6, 2025
Vulnerability Reserved
May 6, 2025

JSON

Project Quay