Two vulnerabilities have been discovered in containerd. One involves incorrect directory path permissions potentially leading to unauthorized file access, and the other involves improper handling of container attach goroutines, potentially causing a denial of service.
David Leadbeater discovered that containerd incorrectly set certain directory path permissions. An attacker could possibly use this issue to achieve unauthorised access to the files. (CVE-2024-25621) It was discovered that containerd did not properly handle the execution of the goroutine of container attach. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-64329)