{"id":"PYSEC-2025-38","details":"OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via the API). A malicious project assigned as a node owner can provide a path to any local file (readable by ironic-conductor), which may then be written to the target node disk. This is difficult to exploit in practice, because a node deployed in this manner should never reach the ACTIVE state, but it still represents a danger in environments running with non-default, insecure configurations such as with automated cleaning disabled. The fixed versions are 24.1.3, 26.1.1, and 29.0.1.","aliases":["CVE-2025-44021","GHSA-q3m2-crgq-5p3q"],"modified":"2025-09-19T04:24:09.584339Z","published":"2025-05-08T17:16:01Z","references":[{"type":"WEB","url":"https://bugs.launchpad.net/ironic/+bug/2107847"},{"type":"WEB","url":"https://security.openstack.org/ossa/OSSA-2025-001.html"}],"affected":[{"package":{"name":"ironic","ecosystem":"PyPI","purl":"pkg:pypi/ironic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"29.0.1"}]}],"versions":["0.0","10.1.10","10.1.7","10.1.8","10.1.9","11.1.1","11.1.2","11.1.3","11.1.4","12.0.0","12.1.0","12.1.1","12.1.2","12.1.3","12.1.4","12.1.5","12.1.6","12.2.0","13.0.0","13.0.1","13.0.2","13.0.3","13.0.4","13.0.5","13.0.6","13.0.7","14.0.0","15.0.0","15.0.1","15.0.2","15.1.0","15.2.0","16.0.0","16.0.1","16.0.2","16.0.3","16.0.4","16.0.5","16.1.0","16.2.0","17.0.0","17.0.1","17.0.2","17.0.3","17.0.4","17.1.0","18.0.0","18.1.0","18.2.0","18.2.1","18.2.2","18.3.0","19.0.0","20.0.0","20.1.0","20.1.1","20.1.2","20.1.3","20.2.0","21.0.0","21.1.0","21.1.1","21.1.2","21.2.0","21.3.0","21.4.0","21.4.1","21.4.2","21.4.3","21.4.4","22.0.0","22.1.0","23.0.0","23.0.1","23.0.2","23.0.3","23.0.4","23.0.5","23.1.0","24.0.0","24.1.0","24.1.1","24.1.2","24.1.3","25.0.0","26.0.0","26.1.0","26.1.1","27.0.0","28.0.0","29.0.0","9.1.6","9.1.7","24.1.4","26.1.2","24.1.5","26.1.3"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/ironic/PYSEC-2025-38.yaml"}}],"schema_version":"1.7.3"}