AZL-55067 CVE-2025-21613 affecting package cri-o 1.30.1-1

🗓️ 06 Jan 2025 17:15:47Reported by GoogleType

osv

osv🔗 osv.dev👁 1 Views

AZL-55067 CVE-2025-21613: cri-o 1.30.1-1 vulnerable to go-git injection via file transport.

Reporter	Title	Published	Views	Family All 239
IBM Security Bulletins	Security Bulletin: Due to use of go-git, IBM Instana Observability is vulnerable to a denial of service and argument injection vulnerability.	4 Mar 202505:22	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.0.3	7 Oct 202516:08	–	ibm
IBM Security Bulletins	Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for August 2025.	15 Sep 202507:04	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak	11 Jun 202501:49	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to an argument injection vulnerability in go-git [CVE-2025-21613]	1 May 202520:06	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to PAM, go-git and Golang.org/X/Crypto	27 Feb 202503:53	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an argument injection vulnerability in go-git [CVE-2025-21613]	27 Feb 202517:16	–	ibm
Tenable Nessus	Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2025-824)	5 Feb 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2 : amazon-ssm-agent (ALAS-2025-2739)	4 Feb 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0013: grafana (ALINUX3-SA-2025:0013)	14 May 202500:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-21613

21 Apr 2026 04:35Current

6.8Medium risk

Vulners AI Score6.8

CVSS 49.2

CVSS 3.19.8

EPSS0.03834

SSVC

cri o package version 1.30.1-1 go git prior file transport protocol argument injection