Containerd 2.1.x < 2.1.1 TOCTOU

critical Nessus Plugin ID 237291

Synopsis

The version of containerd installed on the remote host is affected by a vulnerability.

Description

The version of containerd installed on the remote host is 2.1.x prior to 2.1.1. It is, therefore, affected by a time-of-check to time-of-use (TOCTOU) vulnerability found in containerd v2.1.0. While an image is unpacked during an image pull, a specially crafted container image could arbitrarily modify the host file system. The only affected version of containerd is 2.1.0; other versions are not affected. The bug is fixed in containerd 2.1.1, and users should update to that version to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to containerd version 2.1.1 or later.

See Also

http://www.nessus.org/u?6b5701d5

Plugin Details

Severity: Critical

ID: 237291

File Name: containerd_2_1_1.nasl

Version: 1.2

Type: local

Agent: unix

Family: Misc.

Published: 5/27/2025

Updated: 5/28/2025

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v4

Risk Factor: Critical

Base Score: 9.4

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Vulnerability Information

CPE: cpe:/a:linuxfoundation:containerd

Patch Publication Date: 5/20/2025

Vulnerability Publication Date: 5/20/2025

Reference Information

CVE: CVE-2025-47290

IAVA: 2025-A-0372