Medium severity5.7GHSA Advisory· Published Aug 20, 2025· Updated Apr 15, 2026
CVE-2025-4437
CVE-2025-4437
Description
There's a vulnerability in the CRI-O application where when container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the container's entire /etc/passwd file into memory. If this file is excessively large, it can cause the a high memory consumption leading applications to be killed due to out-of-memory. As a result a denial-of-service can be achieved, possibly disrupting other pods and services running in the same host.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/cri-o/cri-oGo | <= 1.33.3 | — |
Affected products
2Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.