VYPR
Unrated severityNVD Advisory· Published May 6, 2025· Updated Feb 27, 2026

Quay: incorrect privilege assignment

CVE-2025-4374

Description

A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an image that hasn't been mirrored yet, they are granted "Admin" permissions on the newly created repository.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Red Hat/Red Hat Quay 3v5
    cpe:/a:redhat:quay:3
  • Red Hat/Quayllm-fuzzy
  • Project Quay/quayv5
    Range: 0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.