QwikSec

Security Database

CVE

CWE

Training

CVE-2025-64329

Published: Nov 7, 2025

Modified: Nov 7, 2025

PUBLISHED

Description

containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. To workaround this vulnerability, users can set up an admission controller to control accesses to pods/attach resources.

Vendor	Product	Versions
containerd	containerd	affected `< 1.7.29` affected `< 2.0.7` affected `>= 2.1.0-beta.0, < 2.1.5` affected `>= 2.2.0-beta.0, < 2.2.0`

Weaknesses (CWE)

References

https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2

x_refsource_CONFIRM

https://github.com/containerd/containerd/commit/083b53cd6f19b5de7717b0ce92c11bdf95e612df

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.