Vulnerability Database

296,137

Total vulnerabilities in the database

CVE-2025-4374

A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an image that hasn't been mirrored yet, they are granted "Admin" permissions on the newly created repository.

  • Published: May 6, 2025
  • Updated: May 7, 2025
  • CVE: CVE-2025-4374
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWEs:

Software From Fixed in
redhat / quay - 3.14.0.x