Incorrect Execution-Assigned Permissions

CVE-2024-25621

Severity High
Score 7.8/10

Summary

Containerd is an open-source container runtime. Versions from 0.1.0 through 1.7.28, 2.0.x through 2.0.6, 2.1.x through 2.1.4 and 2.2.x through 2.2.0-rc.1 have an overly broad default permission vulnerability: the directory paths "/var/lib/containerd", "/run/containerd/io.containerd.grpc.v1.cri" and "/run/containerd/io.containerd.sandbox.controller.v1.shim" were all created with incorrect permissions. As a workaround, a system administrator on the host can manually "chmod" the directories so that they have no group or world access permissions, or containerd can be run in rootless mode.
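
The workaround above can be checked before and after it is applied. The following is an added example, not code from containerd or from this advisory: a POSIX shell audit that reports which of the three directories still carry group or world permission bits. The function names are hypothetical, and the pass condition (no bits set in the group and other positions) is taken from the workaround wording.

```shell
#!/bin/sh
# Added example: audit the directories named in the advisory for group/world bits.
# Function names are hypothetical; the paths are the three quoted in the summary.

# Print a path's permission bits in octal (GNU/BusyBox stat, then BSD stat).
dir_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Exit status: 0 = no group/world bits, 1 = group or world bits set, 2 = not found.
check_dir() {
    [ -d "$1" ] || return 2
    mode=$(dir_mode "$1") || return 2
    [ -n "$mode" ] || return 2
    # 077 masks the group and other permission bits.
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Audit the given directories (default: the advisory's three paths).
# Returns the number of directories that still need the chmod workaround.
audit_dirs() {
    [ $# -gt 0 ] || set -- /var/lib/containerd \
        /run/containerd/io.containerd.grpc.v1.cri \
        /run/containerd/io.containerd.sandbox.controller.v1.shim
    findings=0
    for d in "$@"; do
        # "&& / ||" keeps a non-zero status from aborting callers that use set -e.
        check_dir "$d" && st=0 || st=$?
        case $st in
            0) echo "OK      $(dir_mode "$d") $d" ;;
            1) echo "EXPOSED $(dir_mode "$d") $d (workaround: chmod go-rwx)"
               findings=$((findings + 1)) ;;
            *) echo "MISSING -   $d" ;;
        esac
    done
    return "$findings"
}

# Run as root on the host so every path can be inspected.
audit_dirs || echo "$? directory(ies) have group or world permission bits" >&2
```

A directory reported as MISSING may simply not exist yet on that host, since the two paths under /run are created at runtime.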

  • LOW
  • LOCAL
  • HIGH
  • UNCHANGED
  • NONE
  • LOW
  • HIGH
  • HIGH

CWE-279 - Incorrect Execution-Assigned Permissions

While it is executing, the software sets the permissions of an object in a way that violates the intended permissions that have been specified by the user.

Advisory Timeline

  • Published