CVE-2025-0750

Publication date 28 January 2025

Last updated 28 January 2025


Ubuntu priority

Cvss 3 Severity Score

6.6 · Medium

Score breakdown

A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by unmounting critical system directories.

Status

Package Ubuntu Release Status
cri-o 24.10 oracular Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release

Severity score breakdown

Parameter Value
Base score 6.6 · Medium
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality Low
Integrity impact Low
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H