CVE-2025-47290 in containerd
Summary
by MITRE • 05/20/2025
containerd is a container runtime. A time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. The only affected version of containerd is 2.1.0. Other versions of containerd are not affected. This bug has been fixed in containerd 2.1.1. Users should update to this version to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 07/18/2025
The vulnerability identified as CVE-2025-47290 represents a critical time-of-check to time-of-use flaw within containerd version 2.1.0, a widely deployed container runtime that serves as the foundation for containerized application execution across numerous cloud and enterprise environments. This flaw manifests during the image unpacking process when pulling container images from registries, creating a window of opportunity for malicious actors to manipulate the host file system through carefully constructed container images. The TOCTOU vulnerability stems from the runtime's failure to maintain consistent state checks throughout the image processing lifecycle, allowing for potential race conditions that could be exploited by adversaries with access to the container runtime environment. The specific nature of this vulnerability places it squarely within the CWE-367 category, which addresses Time-of-Check to Time-of-Use vulnerabilities, making it particularly dangerous in containerized environments where privilege escalation and host-level attacks are of primary concern.
The operational impact of this vulnerability extends far beyond simple file system modifications, as it fundamentally compromises the security isolation that containerization is designed to provide. When maliciously crafted container images are processed through the affected containerd version, attackers can potentially modify critical system files, inject malicious code, or manipulate the underlying host filesystem in ways that bypass normal security controls. This exploitation capability directly violates the principle of least privilege that containerized environments rely upon, as the vulnerability allows for arbitrary host file system modifications that could lead to complete system compromise. The vulnerability's presence in containerd v2.1.0 means that organizations running this specific version are at risk of supply chain attacks, where compromised images from public registries could be used to execute unauthorized modifications on host systems. The attack surface is particularly concerning given that containerd is often deployed in production environments where it runs with elevated privileges and has direct access to host storage resources.
The remediation approach for CVE-2025-47290 requires immediate action from affected organizations to upgrade to containerd version 2.1.1, which includes the necessary patches to address the TOCTOU race condition. This upgrade process should be carefully coordinated with existing container orchestration platforms and deployment pipelines to ensure minimal disruption to services while achieving security remediation. Organizations should also implement comprehensive image scanning and validation procedures as part of their security operations, particularly focusing on verifying the integrity and authenticity of container images before deployment. The workaround recommendations emphasize the importance of trusted image sources and strict access controls, aligning with ATT&CK framework techniques that focus on privilege escalation and supply chain attacks. Security teams should also consider implementing runtime monitoring and anomaly detection systems that can identify suspicious file system modifications or unexpected behavior patterns that might indicate exploitation attempts. Additionally, organizations should review their container image policies and ensure that image import permissions are strictly controlled, limiting access to only trusted administrators and automated build processes that can be audited and verified for security compliance.