Authorization Flaw in Quay Leads to Excessive Permissions
CVE-2025-4374

6.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Quay 3
Vendor: CVE Published:; 6 May 2025

What is CVE-2025-4374?

A security issue exists in Quay where an organization acting as a proxy cache for container images can inadvertently grant 'Admin' permissions to users or robots that pull images not previously mirrored. This flaw can lead to unauthorized access to new repository configurations, posing a significant risk to data security and integrity.

References

https://access.redhat.com/security/cve/CVE-2025-4374

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2364267

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2025
Vulnerability Reserved
May 6, 2025

Red Hat

What is CVE-2025-4374?

References

CVSS V3.1

Timeline