{"id":"CVE-2021-25749","details":"Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.","modified":"2026-02-24T11:36:29.889893Z","published":"2023-05-24T17:15:09.413Z","related":["CGA-fj5r-3rmh-ww9p","SUSE-SU-2023:2292-1","openSUSE-SU-2024:12780-1"],"references":[{"type":"ARTICLE","url":"https://groups.google.com/g/kubernetes-security-announce/c/qqTZgulISzA"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kubernetes/kubernetes","events":[{"introduced":"4ce5a8954017644c5420bae81d72b09b735c21f0"},{"fixed":"e979822c185a14537054f15808a118d7fcce1d6e"},{"introduced":"ab69524f795c42094a6630298ff53f3c3ebab7f4"},{"fixed":"dc2898b20c6bd9602ae1c3b51333e2e4640ed249"},{"introduced":"c2b5237ccd9c0f1d600d3072634ca66cefdf272f"},{"fixed":"bccf857df03c5a99a35e34020b3b63055f0c12ec"}]}],"versions":["v1.22.0","v1.22.1","v1.22.1-rc.0","v1.22.10","v1.22.10-rc.0","v1.22.11","v1.22.11-rc.0","v1.22.12","v1.22.12-rc.0","v1.22.13","v1.22.13-rc.0","v1.22.14-rc.0","v1.22.2","v1.22.2-rc.0","v1.22.3","v1.22.3-rc.0","v1.22.4","v1.22.4-rc.0","v1.22.5","v1.22.5-rc.0","v1.22.6","v1.22.6-rc.0","v1.22.7","v1.22.7-rc.0","v1.22.8","v1.22.8-rc.0","v1.22.9","v1.22.9-rc.0","v1.23.0","v1.23.1","v1.23.1-rc.0","v1.23.10","v1.23.10-rc.0","v1.23.11-rc.0","v1.23.2","v1.23.2-rc.0","v1.23.3","v1.23.3-rc.0","v1.23.4","v1.23.4-rc.0","v1.23.5","v1.23.5-rc.0","v1.23.6","v1.23.6-rc.0","v1.23.7","v1.23.7-rc.0","v1.23.8","v1.23.8-rc.0","v1.23.9","v1.23.9-rc.0","v1.24.0","v1.24.1","v1.24.1-rc.0","v1.24.2","v1.24.2-rc.0","v1.24.3","v1.24.3-rc.0","v1.24.4","v1.24.4-rc.0","v1.24.5-rc.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-25749.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}