Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-4374

A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an image that hasn't been mirrored yet, they are granted "Admin" permissions on the newly created repository.

Published

2025-05-06T15:16:05.463

Last Modified

2025-07-31T18:00:55.420

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-266

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	quay	≤ 3.14.0	Yes

References

https://access.redhat.com/security/cve/CVE-2025-4374 Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2364267 Vendor Advisory ([email protected])