Vulnerability Details CVE-2025-4374
A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an image that hasn't been mirrored yet, they are granted "Admin" permissions on the newly created repository.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.1%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2025-4374
cpe:2.3:a:redhat:quay:1.12.0
cpe:2.3:a:redhat:quay:1.13.0
cpe:2.3:a:redhat:quay:1.13.1
cpe:2.3:a:redhat:quay:1.13.2
cpe:2.3:a:redhat:quay:1.13.3
cpe:2.3:a:redhat:quay:1.14.0
cpe:2.3:a:redhat:quay:1.14.1
cpe:2.3:a:redhat:quay:1.15.0
cpe:2.3:a:redhat:quay:1.15.2
cpe:2.3:a:redhat:quay:1.15.3
cpe:2.3:a:redhat:quay:1.15.4
cpe:2.3:a:redhat:quay:1.15.5
cpe:2.3:a:redhat:quay:1.16.0
cpe:2.3:a:redhat:quay:1.16.1
cpe:2.3:a:redhat:quay:1.16.2
cpe:2.3:a:redhat:quay:1.16.3
cpe:2.3:a:redhat:quay:1.16.4
cpe:2.3:a:redhat:quay:1.16.5
cpe:2.3:a:redhat:quay:1.16.6
cpe:2.3:a:redhat:quay:1.17.0
cpe:2.3:a:redhat:quay:1.17.1
cpe:2.3:a:redhat:quay:1.18.0
cpe:2.3:a:redhat:quay:1.18.1
cpe:2.3:a:redhat:quay:2.0.0
cpe:2.3:a:redhat:quay:2.0.1
cpe:2.3:a:redhat:quay:2.0.2
cpe:2.3:a:redhat:quay:2.0.3
cpe:2.3:a:redhat:quay:2.0.4
cpe:2.3:a:redhat:quay:2.0.5
cpe:2.3:a:redhat:quay:2.1.0
cpe:2.3:a:redhat:quay:2.2.0
cpe:2.3:a:redhat:quay:2.3.0
cpe:2.3:a:redhat:quay:2.3.1
cpe:2.3:a:redhat:quay:2.3.2
cpe:2.3:a:redhat:quay:2.3.3
cpe:2.3:a:redhat:quay:2.3.4
cpe:2.3:a:redhat:quay:2.4.0
cpe:2.3:a:redhat:quay:2.5.0
cpe:2.3:a:redhat:quay:2.6.0
cpe:2.3:a:redhat:quay:2.6.1
cpe:2.3:a:redhat:quay:2.6.2
cpe:2.3:a:redhat:quay:2.7.0
cpe:2.3:a:redhat:quay:2.8.0
cpe:2.3:a:redhat:quay:2.9.0
cpe:2.3:a:redhat:quay:2.9.1
cpe:2.3:a:redhat:quay:2.9.2
cpe:2.3:a:redhat:quay:2.9.3
cpe:2.3:a:redhat:quay:2.9.4
cpe:2.3:a:redhat:quay:2.9.5
cpe:2.3:a:redhat:quay:3.0.0
cpe:2.3:a:redhat:quay:3.0.1
cpe:2.3:a:redhat:quay:3.0.2
cpe:2.3:a:redhat:quay:3.0.3
cpe:2.3:a:redhat:quay:3.0.4
cpe:2.3:a:redhat:quay:3.0.5
cpe:2.3:a:redhat:quay:3.1.0
cpe:2.3:a:redhat:quay:3.1.1
cpe:2.3:a:redhat:quay:3.1.2
cpe:2.3:a:redhat:quay:3.1.3
cpe:2.3:a:redhat:quay:3.2.0
cpe:2.3:a:redhat:quay:3.2.1
cpe:2.3:a:redhat:quay:3.2.2
cpe:2.3:a:redhat:quay:3.3.0
cpe:2.3:a:redhat:quay:3.3.1
cpe:2.3:a:redhat:quay:3.3.2
cpe:2.3:a:redhat:quay:3.3.3
cpe:2.3:a:redhat:quay:3.3.4
cpe:2.3:a:redhat:quay:3.4.0
cpe:2.3:a:redhat:quay:3.4.1
cpe:2.3:a:redhat:quay:3.4.2
cpe:2.3:a:redhat:quay:3.4.3
cpe:2.3:a:redhat:quay:3.4.4
cpe:2.3:a:redhat:quay:3.4.5
cpe:2.3:a:redhat:quay:3.5.0
cpe:2.3:a:redhat:quay:3.5.1
cpe:2.3:a:redhat:quay:3.5.6