CVE-2025-0750— Cri-o: cri-o path traversal in log handling functions allows arbitrary unmounting
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-0750
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cri-o: cri-o path traversal in log handling functions allows arbitrary unmounting
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by unmounting critical system directories.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
CRI-O 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
CRI-O是CRI-O开源的一款用于Kubernetes系统的轻量级容器运行时环境。 CRI-O存在路径遍历漏洞,该漏洞源于日志管理功能中的路径遍历问题,允许攻击者卸载任意主机路径,造成节点级拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat | Red Hat OpenShift Container Platform 4.17 | 0:1.30.10-3.rhaos4.17.gitd088fcf.el8 ~ * | cpe:/a:redhat:openshift:4.17::el8 | |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
II. Public POCs for CVE-2025-0750
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-0750
请登录查看更多情报信息。
Vendor Advisories for CVE-2025-0750 (3)
- 2339405 – (CVE-2025-0750) CVE-2025-0750 cri-o: CRI-O Path Traversal in Log Handling Functions Allows Arbitrary Unmountingissue-trackingx_refsource_REDHAT
IV. Related Vulnerabilities
Same weakness: CWE-22
- CVE-2026-9473
c-rick jimeng-mcp api.ts generateVideo path traversal - CVE-2026-9472
dazeb markdown-downloader index.ts create_subdirectory path - CVE-2026-9468
dazeb cline-mcp-memory-bank index.ts handleInitializeMemoryB - CVE-2026-9467
debugmcp mcp-debugger server.ts handleGetSourceContext path - CVE-2018-25374
Softneta MedDream PACS Server Premium 6.7.1.1 Directory Trav
V. Comments for CVE-2025-0750
No comments yet