Vulnerability Description
containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. To work around this vulnerability, users can set up an admission controller to control access to pods/attach resources.
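The affected ranges above can be checked mechanically against a version string such as the one reported by a node's containerd. The following is an added example, not code from containerd or the advisory; the names `parse`, `Affected` and `fixed2x` are hypothetical, and it assumes semver ordering, so a pre-release of a fixed version is treated as affected.

```go
package main

import (
	"fmt"
	"strings"
)

// First fixed release for each 2.x minor line, from the description above.
var fixed2x = map[int][3]int{0: {2, 0, 7}, 1: {2, 1, 5}, 2: {2, 2, 0}}

// parse turns "v2.2.0-rc.1" into its numeric core and a pre-release flag.
func parse(v string) (core [3]int, pre bool, err error) {
	v = strings.TrimPrefix(strings.TrimSpace(v), "v")
	v, _, _ = strings.Cut(v, "+") // build metadata does not affect ordering
	base, _, hasPre := strings.Cut(v, "-")
	if n, _ := fmt.Sscanf(base, "%d.%d.%d", &core[0], &core[1], &core[2]); n != 3 {
		return core, false, fmt.Errorf("not MAJOR.MINOR.PATCH: %q", v)
	}
	return core, hasPre, nil
}

// Affected reports whether v falls in a range listed in the description.
// Assumption: a pre-release of a fixed version (e.g. 2.0.7-rc.0) sorts
// below it, as in semver, and is reported as affected.
func Affected(v string) (bool, error) {
	core, pre, err := parse(v)
	if err != nil {
		return false, err
	}
	fix := [3]int{1, 7, 29} // covers "1.7.28 and below"
	if f, ok := fixed2x[core[1]]; core[0] == 2 && ok {
		fix = f
	} else if core[0] >= 2 {
		return false, nil // newer than every range named on the page
	}
	for i := range core {
		if core[i] != fix[i] {
			return core[i] < fix[i], nil
		}
	}
	return pre, nil // same core as the fix: only its pre-releases are affected
}

func main() {
	// Constructed sample inputs, not taken from a real host.
	for _, v := range []string{"1.7.28", "v2.0.7", "2.2.0-rc.1", "2.2.0"} {
		affected, err := Affected(v)
		fmt.Println(v, affected, err)
	}
}
```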
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linuxfoundation | Containerd | < 1.7.29 |
Related Weaknesses (CWE)
References
- https://github.com/containerd/containerd/commit/083b53cd6f19b5de7717b0ce92c11bdf (Patch)
- https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2 (Patch, Vendor Advisory)
FAQ
What is CVE-2025-64329?
CVE-2025-64329 is a vulnerability with a CVSS score of 5.5 (MEDIUM). containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach i...
How severe is CVE-2025-64329?
CVE-2025-64329 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-64329?
Check the references section above for vendor advisories and patch information. Affected products include: Linuxfoundation Containerd.