Main Vulnerability Database Vulnerabilities #VU109622

Improper Preservation of Permissions in containerd - CVE-2025-47291

Published: May 21, 2025

Vulnerability identifier: #VU109622

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-47291

CWE-ID: CWE-281

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: containerd

Affected software:
containerd

Detailed vulnerability description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the CRI implementation does not put usernamespaced containers under the Kubernetes' cgroup hierarchy, which causes Kubernetes limits not to be honored. A local user or malicious application inside the container can perform a denial of service (DoS) attack.

How to mitigate CVE-2025-47291

Install updates from vendor's website.

Sources

https://github.com/containerd/containerd/security/advisories/GHSA-cxfp-7pvr-95ff

Improper Preservation of Permissions in containerd - CVE-2025-47291

Detailed vulnerability description

How to mitigate CVE-2025-47291

Sources

Please verify you're human