logo

Database

Lack of data validation - Path Traversal In github.com/cri-o/cri-o

Description

CRI-O Path Traversal vulnerability A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by unmounting critical system directories.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2025-07502. NVD-2025-07503. OSV-2025-07504. GCVE-2025-07505. access.redhat.com6. ACCESS-CVE-2025-0750

References

1. https://bugzilla.redhat.com/show_bug.cgi?id=2339405

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.