{}

{}

{}

{"acknowledgement": "Red Hat would like to thank Dongha Kim (BoB Project Team, Pirates) for reporting this issue.", "bugzilla": {"description": "cri-o: Large /etc/passwd file may lead to Denial of Service", "id": "2375084", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2375084"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-770", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "As for now there's no available mitigation for this flaw."}, "name": "CVE-2025-4437", "package_state": [{"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "cri-o", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2025-06-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-4437\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-4437"], "statement": "This vulnerability was rated as Moderate by the Red Hat's Product Security team as it requires the attacker to own an account with minimal privileges to create pods using the CRI-O utility.", "threat_severity": "Moderate"}