CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-0750: Cri-o: cri-o path traversal in log handling functions allows arbitrary unmounting

Description

A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by unmounting critical system directories.

Classification

CVE ID: CVE-2025-0750

Affected Products

Vendor: Red Hat

Product: Red Hat OpenShift Container Platform 4

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 18.25% (scored less or equal to compared to others)

EPSS Date: 2025-02-27 (when was this score calculated)

References

https://access.redhat.com/security/cve/CVE-2025-0750
https://bugzilla.redhat.com/show_bug.cgi?id=2339405

Timeline

2025-01-29 10:30:10 UTC
CVE

Cri-o: cri-o path traversal in log handling functions allows arbitrary unmounting