CVE-2025-64329


containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. To work around this vulnerability, users can set up an admission controller to control access to pods/attach resources.


Published: 2025-11-07T05:16:08.017

Last Modified: 2025-12-31T18:34:48.060

Status: Analyzed

Source: [email protected]

Severity: CVSSv3.1: 5.5 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-401

Affected Vendors & Products
Type         Vendor           Product     Version/Range  Vulnerable?
Application  linuxfoundation  containerd  < 1.7.29       Yes
Application  linuxfoundation  containerd  < 2.0.7        Yes
Application  linuxfoundation  containerd  < 2.1.5        Yes
Application  linuxfoundation  containerd  2.2.0          Yes
Application  linuxfoundation  containerd  2.2.0          Yes
Application  linuxfoundation  containerd  2.2.0          Yes
Application  linuxfoundation  containerd  2.2.0          Yes
Application  linuxfoundation  containerd  2.2.0          Yes

References