Full Report
Three newly disclosed vulnerabilities in the runC container runtime used in Docker and Kubernetes could be exploited to bypass isolation restrictions and get access to the host system. [...]
Analysis Summary
# Vulnerability: runC Container Escape via Malicious Mount Manipulation
## CVE Details
- CVE ID: CVE-2025-31133, CVE-2025-52565, CVE-2025-52881
- CVSS Score: Not stated in the source text (its severity field is empty).
- CWE: Not explicitly stated, but relates to improper path/file handling and privilege escalation.
## Affected Systems
- Products: runC container runtime (used by Docker and Kubernetes)
- Versions:
  - CVE-2025-31133 & CVE-2025-52881: all versions of runC.
  - CVE-2025-52565: runC versions 1.0.0-rc3 and later.
- Configurations: Systems running containers where an attacker can start a container with custom mount configurations (e.g., via malicious container images or Dockerfiles).
## Vulnerability Description
These three vulnerabilities allow an attacker, running inside a container, to bypass isolation restrictions and achieve root access on the host system. The flaws stem from runC's handling of sensitive file bind-mounts during container initialization, specifically concerning `/dev/null` and `/dev/console`.
1. **CVE-2025-31133:** Attackers can replace `/dev/null` with a symlink during container initialization. This causes runC to bind-mount an attacker-controlled location read-write into the container, enabling writes to `/proc` and leading to container escape.
2. **CVE-2025-52565:** The `/dev/console` bind mount can be redirected via races or symlinks before security protections are fully applied, exposing writable access to critical `procfs` entries and allowing breakouts.
3. **CVE-2025-52881:** runC can be tricked into redirecting writes intended for `/proc` to attacker-controlled targets. This can bypass LSM relabel protections and allow arbitrary writes to sensitive files like `/proc/sysrq-trigger`.
## Exploitation
- Status: PoC availability is implied by the researcher disclosure (exploitation techniques are described, but no PoC link is given). Not known to be exploited in the wild as of the article date.
- Complexity: Medium (Requires the ability to start containers with custom mount configurations).
- Attack Vector: Local (Requires running code within a container context).
## Impact
- Confidentiality: High (Potential access to host system details).
- Integrity: High (Ability to write arbitrary files, including configuration files or triggering system events).
- Availability: High (Potential for host system compromise/disruption).
## Remediation
### Patches
Fixes are available in the following runC versions and later:
* v1.2.8
* v1.3.3
* v1.4.0-rc.3
### Workarounds
1. Activate user namespaces for all containers *without* mapping the host root user into the container's namespace. This leverages Unix DAC permissions to prevent namespaced users from accessing critical host files.
2. Use rootless containers where possible to minimize the potential damage of a successful exploit.
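A host-side check that ties the two sections above together: it decides whether an installed runC is at or past the fixed releases listed under Patches (v1.2.8, v1.3.3, v1.4.0-rc.3) and whether the Docker daemon has the user-namespace workaround turned on. This is an added example, not code from runC, Docker or the advisory authors. It assumes that `runc --version` prints a line of the form `runc version X.Y.Z`, that Docker's user-namespace setting is the `userns-remap` key in `daemon.json` (where `"default"` means the `dockremap` user), that `/etc/subuid` uses `user:start:count` lines, and that runC releases after 1.4.0-rc.3 also carry the fix. All sample inputs are constructed.

```python
"""Assess a host against the runC advisories summarised on this page.

Added example (not runC, Docker or advisory code). It parses
`runc --version` output, compares it with the fixed releases listed on the
page, and classifies the Docker user-namespace workaround from daemon.json
and /etc/subuid. Sample inputs below are constructed for offline use.
"""
import json
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int, Optional[int]]  # (major, minor, patch, rc)

# Fixed releases from the advisory page, keyed by release branch.
# Assumption: 1.4.0 final and any later branch also carry the fix.
FIXED = {
    (1, 2): (1, 2, 8, None),   # v1.2.8
    (1, 3): (1, 3, 3, None),   # v1.3.3
    (1, 4): (1, 4, 0, 3),      # v1.4.0-rc.3
}

# Matches "1.2.8", "1.4.0-rc.3" and the page's "1.0.0-rc3" spelling.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-rc\.?(\d+))?")


def parse_runc_version(output: str) -> Optional[Version]:
    """Extract (major, minor, patch, rc) from `runc --version` output.

    rc is None for a final release. Returns None when no version is present.
    """
    m = _VERSION_RE.search(output)
    if not m:
        return None
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch), int(rc) if rc else None)


def _key(v: Version):
    """Sort key that orders release candidates before the final release."""
    major, minor, patch, rc = v
    return (major, minor, patch, 1, 0) if rc is None else (major, minor, patch, 0, rc)


def is_patched(v: Version) -> bool:
    """True when v is at or past the fixed release on its own branch.

    Branches with no listed fix (1.1.x and older) are treated as vulnerable,
    since the page lists every runC version as affected by two of the CVEs.
    Branches newer than 1.4 are assumed to include the fix.
    """
    branch = (v[0], v[1])
    if branch in FIXED:
        return _key(v) >= _key(FIXED[branch])
    return branch > (1, 4)


def userns_workaround(daemon_json: str, subuid: str = "") -> str:
    """Classify the Docker user-namespace workaround.

    'disabled'       - `userns-remap` unset or empty in daemon.json
    'maps-host-root' - remapped user's /etc/subuid range starts at 0, so host
                       root would still be mapped into containers
    'enabled'        - remap set and no range starting at host uid 0 found
    """
    cfg = json.loads(daemon_json) if daemon_json.strip() else {}
    remap = cfg.get("userns-remap", "")
    if not remap:
        return "disabled"
    user = "dockremap" if remap == "default" else remap.split(":", 1)[0]
    for line in subuid.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 3 and parts[0] == user and parts[1] == "0":
            return "maps-host-root"
    return "enabled"


def assess(runc_version_output: str, daemon_json: str, subuid: str = "") -> dict:
    """Combine the version and workaround checks into one finding."""
    v = parse_runc_version(runc_version_output)
    return {
        "runc_version": v,
        "runc_patched": v is not None and is_patched(v),
        "userns": userns_workaround(daemon_json, subuid),
    }


if __name__ == "__main__":
    # Constructed sample inputs: an unpatched 1.2.x runC with remap enabled.
    sample_runc = "runc version 1.2.7\nspec: 1.2.0\n"
    sample_daemon = '{"userns-remap": "default"}'
    sample_subuid = "dockremap:100000:65536\n"
    print(assess(sample_runc, sample_daemon, sample_subuid))
```

A host reports as exposed when `runc_patched` is false and `userns` is anything but `enabled`; a positive `userns` result only lowers impact, it does not replace the patch.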
## Detection
- Indicators of Compromise: Suspicious symlink activity during container startup, such as `/dev/null` or `/dev/console` being replaced by a symlink before runC's bind mounts are applied.
- Detection methods and tools: Monitoring for unauthorized redirection or modification of bind mounts involving sensitive files like `/dev/null` and `/dev/console` during container initialization, especially in environments where custom mount configurations are allowed.
## References
- Vendor Advisories/Details:
  - [https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2](https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2) (CVE-2025-31133)
  - [https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r](https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r) (CVE-2025-52565)
  - [https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm](https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm) (CVE-2025-52881)
- Researcher Disclosure: [https://seclists.org/oss-sec/2025/q4/138](https://seclists.org/oss-sec/2025/q4/138)