Medium severity6.6GHSA Advisory· Published Jan 28, 2025· Updated Apr 15, 2026

CVE-2025-0750

Description

A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by unmounting critical system directories.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
github.com/cri-o/cri-oGo	<= 1.33.0	—

Affected products

Cri O/Cri OGHSA
Range: <= 1.33.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-hp5j-2585-qx6gghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-0750ghsaADVISORY
access.redhat.com/errata/RHSA-2025:1122nvdWEB
access.redhat.com/security/cve/CVE-2025-0750nvdWEB
bugzilla.redhat.com/show_bug.cginvdWEB

News mentions

No linked articles in our index yet.

cvss	0.429
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000