Unrated severityNVD Advisory· Published May 6, 2025· Updated Feb 27, 2026
Quay: incorrect privilege assignment
CVE-2025-4374
Description
A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an image that hasn't been mirrored yet, they are granted "Admin" permissions on the newly created repository.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Red Hat/Red Hat Quay 3v5cpe:/a:redhat:quay:3
- Project Quay/quayv5Range: 0
Patches
Vulnerability mechanics
References
2- access.redhat.com/security/cve/CVE-2025-4374mitrevdb-entryx_refsource_REDHAT
- bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT
News mentions
0No linked articles in our index yet.