Description

CRI-O has a vulnerability: when a container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user and, in doing so, reads the container's entire /etc/passwd file into memory. If this file is excessively large, it can cause high memory consumption, leading to applications being killed due to out-of-memory. As a result, a denial of service can be achieved, possibly disrupting other pods and services running on the same host.

INFO

Published Date: 2025-08-20T12:19:18.453Z

Last Modified: 2025-11-20T20:49:02.529Z

Source: redhat

AFFECTED PRODUCTS

The following products are affected by the CVE-2025-4437 vulnerability.

Vendor: Redhat
Product: Openshift
