CVE-2025-47290
📋 TL;DR
A time-of-check/time-of-use (TOCTOU) flaw in containerd's image unpacking lets a specially crafted container image modify files on the host filesystem while the image is being unpacked, so whoever supplies the image can write arbitrary host files. Only containerd 2.1.0 is affected; 2.1.1 contains the fix.
💻 Affected Systems
- containerd
📦 What is this software?
containerd is an open-source container runtime (a CNCF project under the Linux Foundation) that pulls, unpacks and runs container images; it is the runtime underneath Docker and most Kubernetes nodes, so the unpack code path runs with host root privileges on every node that uses it.
⚠️ Risk & Real-World Impact
Worst Case
Complete host filesystem compromise allowing arbitrary file creation, modification, or deletion, potentially leading to full system takeover.
Likely Case
Unauthorized modification of host files, potentially enabling privilege escalation, data theft, or persistence mechanisms.
If Mitigated
Limited impact where only images from trusted, signature-verified sources are ever unpacked: the flaw is reachable only through a malicious image, so strict image source controls can remove the exposure even before patching.
🎯 Exploit Status
Exploitation requires getting a specially crafted image unpacked on the target host: pushing it to a registry the host pulls from, or having it imported directly (for example with ctr image import from a tarball). The attacker does not need prior access to the host itself, only a path for the image to reach it.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.1.1
Vendor Advisory: https://github.com/containerd/containerd/security/advisories/GHSA-cm76-qm8v-3j95
Restart Required: Yes
Instructions:
1. Cordon and drain the node (Kubernetes) or stop running container workloads.
2. Update containerd to 2.1.1 or later with your package manager or the upstream release tarball.
3. Restart the containerd service (for example systemctl restart containerd).
4. Verify with containerd --version that the running binary reports 2.1.1 or later.
🔧 Temporary Workarounds
Restrict image sources
Only allow pulling images from trusted registries and enforce image signing/verification (for example a Kubernetes admission policy that rejects unsigned images). Note that containerd itself has no registry allowlist: its registry section only maps registry hosts to mirror and credential settings, so the allowlist has to be enforced by the admission layer or the pipeline that pushes images.
Generate a baseline config if you do not already have one: containerd config default > /etc/containerd/config.toml
In the 2.x config the registry/mirror settings live under [plugins."io.containerd.cri.v1.images".registry] (the [plugins."io.containerd.grpc.v1.cri".registry] section name is the 1.x layout); point config_path at a hosts directory that defines only the registries you operate.
Limit user permissions
Restrict which users can import or pull images to trusted administrators only.
Access to containerd is governed by the permissions on its Unix socket, which is root-owned by default; anyone who can write to that socket is effectively root on the host. Keep it root-only, and if a non-root operator must use ctr or nerdctl, grant only that account read/write access with an ACL rather than widening the group: setfacl -m u:trusteduser:rw /var/run/containerd/containerd.sock
🧯 If You Can't Patch
- Immediately implement strict image source controls allowing only verified, signed images from trusted registries.
- Implement network segmentation so container hosts cannot reach untrusted image registries. This does not stop a local user importing an image tarball with ctr image import, so keep containerd socket access restricted as well.
🔍 How to Verify
Check if Vulnerable:
Check containerd version: containerd --version. If output shows 2.1.0, system is vulnerable.
Check Version:
containerd --version
Verify Fix Applied:
After updating, run: containerd --version. Verify output shows 2.1.1 or later.
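To script the version check above (an added example, not from the advisory or the containerd project): a POSIX shell function that parses a containerd --version line and classifies it against the affected range, so the same check can gate a configuration-management run. The line format it assumes is the one containerd 2.x prints (containerd github.com/containerd/containerd/v2 v2.1.0 <commit>); the sample line in the comments is constructed.

```shell
#!/bin/sh
# Added example for CVE-2025-47290; not part of the advisory or of containerd itself.
# Classifies a `containerd --version` output line: only 2.1.0 is affected,
# 2.1.1 and later carry the fix, 1.x and 2.0.x never had the bug.
# Assumed line format (constructed sample):
#   containerd github.com/containerd/containerd/v2 v2.1.0 05044ec0a9a75232cad458027ca83437aae3f4da

# Pull the X.Y.Z version out of a version line; prints nothing if none is found.
containerd_version_from_line() {
    printf '%s\n' "$1" |
        sed -n 's/.*[[:space:]]v\{0,1\}\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Print one of: vulnerable, fixed, not-affected, unknown.
# Pre-release builds (e.g. v2.1.0-rc.1) are judged by their base version,
# which errs on the side of reporting them vulnerable.
cve_2025_47290_status() {
    ver=$(containerd_version_from_line "$1")
    case "$ver" in
        "")    echo unknown; return ;;
        2.1.0) echo vulnerable; return ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ "$major" -gt 2 ]; then
        echo fixed
    elif [ "$major" -eq 2 ] && [ "$minor" -gt 1 ]; then
        echo fixed
    elif [ "$major" -eq 2 ] && [ "$minor" -eq 1 ] && [ "$patch" -ge 1 ]; then
        echo fixed
    else
        echo not-affected
    fi
}

# Live check against the binary on this host; returns non-zero when vulnerable
# so it can fail a deployment step.
check_host() {
    line=$(containerd --version 2>/dev/null) || { echo "containerd not found" >&2; return 2; }
    status=$(cve_2025_47290_status "$line")
    echo "$line -> $status"
    [ "$status" != vulnerable ]
}

# Run as `sh check.sh --live` on a host to check the installed binary.
if [ "${1:-}" = "--live" ]; then
    check_host
fi
```

Run it with --live on each node; a non-zero exit means the node still runs 2.1.0 and must be upgraded before it pulls any further images.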
📡 Detection & Monitoring
Log Indicators:
- Unusual image pull activity from untrusted sources
- containerd logs showing unpack or extraction errors for a freshly pulled image. A successful exploitation may produce no error at all, so correlate image pull timestamps with file-integrity monitoring alerts on host paths changed at that time.
Network Indicators:
- Image pulls from unknown or untrusted registries
- Unusual outbound connections during image pull operations
SIEM Query:
Illustrative pseudo-query; adapt the source and field names to your SIEM:
source="containerd" AND ("pull" OR "unpack") AND (error OR failure OR suspicious)
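A concrete version of the "image pulls from unknown registries" indicator, as an added example (not from the advisory or the containerd project): a POSIX shell filter that reads containerd log lines, extracts the image reference from CRI PullImage entries, derives the registry host with the usual reference rule (no host component means docker.io), and prints every reference whose registry is not on an allowlist. The log lines are constructed to approximate the CRI plugin's logfmt output and that format is an assumption; compare it with your own journal before deploying.

```shell
#!/bin/sh
# Added example for CVE-2025-47290 detection; not advisory or containerd code.
# Flags image pulls whose registry is outside an allowlist.

# Registry host of an image reference. Follows the reference-parsing rule used by
# container tooling: the first path component is a registry only if it contains a
# dot or a colon or is "localhost"; otherwise the image lives on docker.io.
image_registry() {
    ref=$1
    case "$ref" in
        */*)
            first=${ref%%/*}
            case "$first" in
                *.*|*:*|localhost) echo "$first" ;;
                *) echo docker.io ;;
            esac ;;
        *) echo docker.io ;;
    esac
}

# Read log lines on stdin; $1 is a space-separated allowlist of registry hosts.
# Prints one image reference per line for every PullImage outside the allowlist.
untrusted_pulls() {
    allow=" $1 "
    while IFS= read -r line; do
        # Assumed CRI log shape: msg="PullImage \"<ref>\""
        ref=$(printf '%s\n' "$line" | sed -n 's/.*PullImage \\"\([^"\\]*\)\\".*/\1/p')
        if [ -n "$ref" ]; then
            host=$(image_registry "$ref")
            case "$allow" in
                *" $host "*) ;;
                *) printf '%s\n' "$ref" ;;
            esac
        fi
    done
}

# Constructed sample log lines (not real captures) in containerd's logfmt style.
sample_log() {
    cat <<'EOF'
time="2025-05-21T10:00:01Z" level=info msg="PullImage \"docker.io/library/alpine:3.20\""
time="2025-05-21T10:00:02Z" level=info msg="Pulled image \"docker.io/library/alpine:3.20\" with image id \"sha256:0000\", repo tag \"docker.io/library/alpine:3.20\""
time="2025-05-21T10:00:05Z" level=info msg="PullImage \"registry.internal.example/app/api:2.3\""
time="2025-05-21T10:00:09Z" level=info msg="PullImage \"evil.example.net/payload/img:latest\""
time="2025-05-21T10:00:12Z" level=info msg="PullImage \"myorg/tool:1.0\""
time="2025-05-21T10:00:15Z" level=info msg="PullImage \"localhost:5000/test/img:1\""
EOF
}

# Live usage: journalctl -u containerd --no-pager | untrusted_pulls "docker.io registry.internal.example"
if [ "${1:-}" = "--demo" ]; then
    sample_log | untrusted_pulls "docker.io registry.internal.example"
fi
```

Run with --demo to see the two flagged references from the sample log; in production feed it journalctl -u containerd output and forward any flagged line to the SIEM, since every such pull is an image that reached a possibly vulnerable unpack path from outside your trusted sources.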