CVE-2025-52565

Published Nov 6, 2025

Last updated 3 months ago

CVSS high 8.4
Container Security

Overview

Description
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container allow an attacker to trick runc into bind-mounting paths that would normally be made read-only or be masked onto a path the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it targets a similar weakness in a different mount (namely, the bind-mount of `/dev/pts/$n` to `/dev/console`, which runc performs for every container that allocates a console). The mount happens after `pivot_root(2)`, so it cannot be used to write to host files directly; however, as with CVE-2025-31133, it can lead to denial of service of the host or to a container breakout by giving the attacker a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.
Source
security-advisories@github.com
NVD status
Analyzed
Products
runc
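The description above gives three affected ranges and names two procfs write gadgets. The following triage script is an added example, not code from the runc project or the advisory: `is_affected()` classifies a `runc --version` string against the ranges the advisory states, and `audit_mountinfo()` scans `/proc/self/mountinfo` text from inside a container for a writable procfs bind of `/sysrq-trigger` or anything under `/sys`, wherever it is mounted. The mountinfo rule is an assumption about how the "writable copy" would appear (a bind-mount of a procfs file keeps fstype `proc` and shows the file's path in the root field), and both mountinfo samples are constructed.

```python
"""Triage helpers for CVE-2025-52565 (runc /dev/console bind-mount).

Added example, not runc project code. The affected and fixed version ranges
are those stated in the advisory; the mountinfo heuristic is an assumption
about what a writable copy of a procfs file looks like from inside a
container, not an artifact the advisory documents.
"""
import re

# (first affected, first fixed) per release series, from the advisory text.
AFFECTED_RANGES = [
    ("1.0.0-rc3", "1.2.8"),
    ("1.3.0-rc.1", "1.3.3"),
    ("1.4.0-rc.1", "1.4.0-rc.3"),
]

# Accepts "1.2.7", "1.0.0-rc3", "1.3.0-rc.1" and whole "runc --version" output.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-rc\.?(\d+))?")


def parse_version(text):
    """Return (major, minor, patch, rc); rc is None for a final release."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no runc version found in {text!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch), None if rc is None else int(rc))


def version_key(version):
    """Ordering key: every release candidate sorts before its final release."""
    major, minor, patch, rc = version
    is_final = 1 if rc is None else 0
    return (major, minor, patch, is_final, rc or 0)


def is_affected(version_text):
    """True if the runc version in version_text falls in an affected range."""
    key = version_key(parse_version(version_text))
    for first_bad, first_fixed in AFFECTED_RANGES:
        lo = version_key(parse_version(first_bad))
        hi = version_key(parse_version(first_fixed))
        if lo <= key < hi:
            return True
    return False


def audit_mountinfo(mountinfo_text):
    """Scan /proc/self/mountinfo text for writable bind-mounts of the procfs
    write gadgets named in the advisory (assumed heuristic).

    Returns [(mount_point, procfs_root), ...]. With the usual runc defaults,
    /proc/sysrq-trigger is masked by /dev/null (not a procfs mount at all) and
    /proc/sys is bind-mounted read-only, so any procfs mount whose root is
    /sysrq-trigger or lies under /sys and lacks the "ro" flag is reported.
    """
    findings = []
    for line in mountinfo_text.splitlines():
        if not line.strip():
            continue
        # mountinfo(5): "<id> <parent> <maj:min> <root> <mount point> <opts>
        # [optional fields...] - <fstype> <source> <super opts>"
        before, _, after = line.partition(" - ")
        pre = before.split()
        post = after.split()
        if len(pre) < 6 or len(post) < 2:
            continue
        root, mount_point, opts = pre[3], pre[4], pre[5].split(",")
        fstype = post[0]
        if fstype != "proc" or root == "/":
            continue  # not procfs, or the whole procfs (masks sit below it)
        is_gadget = root == "/sysrq-trigger" or root == "/sys" or root.startswith("/sys/")
        if is_gadget and "ro" not in opts:
            findings.append((mount_point, root))
    return findings


# Constructed sample: a container where the runc defaults hold.
SAMPLE_OK = """\
300 299 0:58 / / rw,relatime - overlay overlay rw,lowerdir=/l,upperdir=/u,workdir=/w
301 300 0:60 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
302 300 0:61 / /dev rw,nosuid - tmpfs tmpfs rw,size=65536k,mode=755
303 302 0:62 /0 /dev/console rw,nosuid,noexec,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666
304 301 0:60 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw
305 301 0:61 /null /proc/sysrq-trigger rw,nosuid - tmpfs tmpfs rw,size=65536k,mode=755
"""

# Constructed sample: /dev/console carries a writable bind of /proc/sysrq-trigger
# instead of the pts device, the outcome the advisory describes.
SAMPLE_BAD = SAMPLE_OK.replace(
    "303 302 0:62 /0 /dev/console rw,nosuid,noexec,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666",
    "303 302 0:60 /sysrq-trigger /dev/console rw,nosuid,nodev,noexec,relatime - proc proc rw",
)

if __name__ == "__main__":
    for v in ("runc version 1.2.7", "runc version 1.2.8", "1.4.0-rc.2"):
        print(v, "->", "AFFECTED" if is_affected(v) else "fixed/unaffected")
    print("ok container:", audit_mountinfo(SAMPLE_OK))
    print("bad container:", audit_mountinfo(SAMPLE_BAD))
```

Two caveats for real use: distribution packages often backport the fix without changing the upstream version string, so for a packaged runc trust the distro advisory or package changelog over `is_affected()`; and the mountinfo check assumes the runtime's default masked and read-only paths (a custom OCI config that does not mask `/proc/sysrq-trigger` would look different), so it is a detection aid inside a suspect container, not a substitute for upgrading to 1.2.8, 1.3.3 or 1.4.0-rc.3.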

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.4
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
6
Exploitability score
0.8
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Severity
HIGH

Weaknesses

security-advisories@github.com
CWE-61

Social media

Hype score
Not currently trending
  1. ⚠️ Vulnerabilities in Dell products ❗ CVE-2025-53066 ❗ CVE-2025-52565 ❗ CVE-2025-38180 ➡️ More info: https://t.co/n2C7JKck6A https://t.co/sMMKXtDq5T

    @CERTpy

    27 Feb 2026

    88 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. #VulnerabilityReport #containerescape OCI Fixes Container Escape Vulnerabilities in runc (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) https://t.co/MSgAVO9Dle

    @Komodosec

    13 Dec 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. The SIOS Security Blog has been updated. runc vulnerabilities (Important: CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) #sios_tech #security #セキュリティ https://t.co/XvdeohK0hz

    @omokazuki

    17 Nov 2025

    75 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. runc vulnerabilities (Important: CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) #sios_tech #security #セキュリティ https://t.co/XvdeohK0hz

    @omokazuki

    16 Nov 2025

    59 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. AWS has announced important security issues affecting runc containers (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881). Caution is required. Check the details and take appropriate measures. #AWS #セキュリティ https://t.co/ODVmPAHcp

    @OCGOT1616

    11 Nov 2025

    104 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Runc vulnerabilities CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881 allow container escape and root access on hosts running Kubernetes and Docker. Patches are available but risks remain with untrusted images. #ContainerSecurity #KubernetesRisk https://t.co/r2svfOK2hp

    @TweetThreatNews

    10 Nov 2025

    37 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Red Hat product fixes for the recently announced runc-related CVEs. CVE-2025-31133: https://t.co/ljWeQvJ2L0 CVE-2025-52565: https://t.co/v5ZyUlnKyz CVE-2025-52881: https://t.co/xK6B78zJr5

    @orimanabu

    10 Nov 2025

    83 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. "New runc vulnerabilities allow escape from containers: CVE-2025-31133, CVE-2025-52565, CVE-2025-52881" On November 5, 2025, SUSE researchers disclosed three vulnerabilities. https://t.co/nXa9XLaocc #脆弱性 #CV

    @TakaoShimizu1

    10 Nov 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. oss-sec: runc container breakouts via procfs writes: CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881 https://t.co/5NjEXUU2H4

    @akaclandestine

    9 Nov 2025

    854 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  10. #Kubernetes: Newly disclosed #vulnerabilities in the #runC container runtime used in #Docker & Kubernetes (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) could be exploited to bypass isolation restrictions & get access to the host system (escape): #k8s https://t.co/uS

    @securestep9

    9 Nov 2025

    307 Impressions

    1 Retweet

    7 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. New runc vulnerabilities allow container escape: CVE-2025-31133, CVE-2025-52565, CVE-2025-52881 https://t.co/VVqkawy1LD

    @jreuben1

    8 Nov 2025

    54 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. AWS released new Amazon Machine Images (AMIs) for Amazon ECS, AWS Elastic Beanstalk, and Bottlerocket on November 5, 2025, to address critical runc security vulnerabilities CVE-2025-31133, CVE-2025-52565, CVE-2025-52881. Customers are strongly recommended to update to the fixed versions.

    @ismailriyaz999

    8 Nov 2025

    62 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. runc: Container escapes via procfs writes https://t.co/pDDvCWQtsL CVE-2025-31133: via masked path abuse due to mount race conditions CVE-2025-52565: with malicious config due to /dev/console mount and related races CVE-2025-52881: and DoS due to arbitrary write gadgets and procfs

    @oss_security

    7 Nov 2025

    1070 Impressions

    2 Retweets

    6 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  14. runc container breakouts via procfs writes: CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881 https://t.co/EF1sO5kbd0

    @ytroncal

    5 Nov 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 3 new container breakouts in runc CVE-2025-31133 CVE-2025-52565 CVE-2025-52881 - containers don't contain! containers are a security dumpsterfire https://t.co/OLegTlKCXx

    @nanovms

    5 Nov 2025

    303 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

Configurations