CVE Details
Basic Information
| Title |
CVE-2025-47290 |
| Type |
cve |
| Published |
2025-05-20T19:15:50 |
| Last Seen |
2025-05-20T19:21:50 |
CVSS Information
| Base Score |
0.0 () |
| Attack Vector |
|
| Attack Complexity |
|
| Privileges Required |
|
| User Interaction |
|
| Scope |
|
| Confidentiality Impact |
|
| Integrity Impact |
|
| Availability Impact |
|
AI Analysis
| AI Description |
A time-of-check to time-of-use (TOCTOU) vulnerability in containerd v2.1.0 allows specially crafted container images to execute arbitrary code during image pull operations. |
| AI Severity |
Critical |
| Vendor |
Cloud Native Computing Foundation (CNCF) |
| Product |
containerd |
| Affected Version |
2.1.0 |
Additional Information
| CVE List |
CVE-2025-47290 |
| CWE List |
CWE-367 |
| Bulletin Family |
cve |
Description
containerd is a container runtime. A time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily…
CVSS Score Summary
Base Score: %!f(string=#) ()
View Full CVE Details
