CVE-2025-4437
BaseFortify
Publication date: 2025-08-20
Last updated on: 2025-08-20
Assigner: Red Hat, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | cri-o | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in CRI-O when a container is launched with securityContext.runAsUser set to a user that does not exist in the container. To add a passwd entry for that user, CRI-O reads the container's entire /etc/passwd into memory. Because that file comes from the container image rather than from the host, an oversized /etc/passwd causes CRI-O itself to allocate a correspondingly large buffer, which can drive the host into an out-of-memory condition and get processes killed (CWE-770: no limit on the size of the resource being allocated).
How can this vulnerability impact me?
The vulnerability can lead to a denial-of-service (DoS) condition: the excessive memory consumption can cause processes to be OOM-killed. Because the read happens in the CRI-O daemon on the host rather than inside the container, the container's own memory limit does not constrain it, so the disruption can affect not only the targeted container but also other pods and services running on the same node, impacting the availability and stability of your containerized environment.