Full Report
Security researchers have revealed three serious vulnerabilities in runC, the Open Container Initiative (OCI)-compliant runtime that powers platforms such as Docker and Kubernetes, which could allow attackers to break container isolation and gain control of the host system. The flaws, tracked as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881, stem from weaknesses in how runC manages temporary bind mounts, symbolic links (symlinks), and certain write operations. Together, they can be exploited to achieve complete container escapes and even host-level compromises.

According to the U.S. National Vulnerability Database (NVD) and the runC project’s own advisories, these vulnerabilities arise from logic and race-condition errors within runC’s path resolution and mount handling. The issue occurs when runC attempts to mask access to restricted files by bind-mounting safe inodes such as /dev/null or /dev/console. If an attacker introduces a symlink or triggers a race condition during container initialization, the runtime may accidentally mount an attacker-specified target path, granting write access to critical host system files. Such a mis-targeted mount can expose kernel interfaces such as /proc/sys/kernel/core_pattern or /proc/sysrq-trigger, which, if modified, can be used to crash the host or escape the container environment entirely.

Aleksa Sarai, a developer at SUSE and member of the OCI Technical Board, explained that runC’s method for masking files is vulnerable because of how it interacts with symbolic links during initialization. “If an attacker places a symlink at the right time, runC may inadvertently mount an attacker-defined target, creating dangerous write access to critical kernel interfaces in /proc,” Sarai warned. The advisories emphasize that all three vulnerabilities could permit full container breakouts by bypassing runC’s intended restrictions.
Details of all the Vulnerabilities: CVE-2025-31133, CVE-2025-52565 and CVE-2025-52881

CVE-2025-31133 involves how runC implements “masked paths.” When the runtime bind-mounts /dev/null over a file to block access, an attacker can replace /dev/null with a symlink to a sensitive host file. This can cause runC to mount that host path as read-write, enabling an attacker to alter kernel parameters or trigger system crashes through /proc/sysrq-trigger. This vulnerability impacts all known versions of runC before the latest patches.

CVE-2025-52565 is a similar issue that targets /dev/console mounts. When runC attempts to bind /dev/console to /dev/pts/$n, an attacker who replaces /dev/pts/$n with a symlink can cause the bind-mount to target a different file. This vulnerability affects all versions of runC from 1.0.0-rc3 onward. Like CVE-2025-31133, it can be exploited to create read-write binds to critical procfs files, resulting in container breakout. The flaw has a CVSS score of 7.3.

While addressing CVE-2025-52565, developers also identified potential risks in how runC used file creation functions. Though these were not directly exploitable, fixes were included as a precaution. Additional mitigations were also applied to reduce race conditions in /dev/pts/$n, even though they are largely hypothetical in most deployments.

CVE-2025-52881 represents a more advanced attack vector that builds on previous runC vulnerabilities. It allows an attacker to redirect write operations within procfs, bypassing Linux Security Module (LSM) protections such as AppArmor and SELinux. This could enable malicious writes to files like /proc/sysrq-trigger, causing host crashes, or to /proc/sys/kernel/core_pattern, facilitating a container escape. This vulnerability affects all known versions of runC and has a CVSS score of 7.3. Researchers note that CVE-2025-52881 can pair with the other two flaws to simplify exploitation, acting as an LSM bypass that allows arbitrary writes to host files.
Fixes, Versions, and Mitigation

The vulnerabilities have been addressed in runC v1.2.8, v1.3.3, and v1.4.0-rc.3. The patches introduce extensive code changes not only to runC itself but also to the supporting library filepath-securejoin, which handles secure path resolution. Maintainers strongly advise vendors and users to upgrade directly to these versions rather than applying individual patches, as the fixes are interdependent and cover overlapping issues across the three CVEs.

Recommended mitigations include:

- Prevent the host root user from being mapped inside the container; unauthorized writes to procfs files are then blocked by standard Unix permissions.
- Configure containers with restricted privileges, and disable setuid binaries using the noNewPrivileges flag.
- SELinux may help limit exposure in certain cases, but CVE-2025-52881 can bypass LSM protections, making AppArmor or SELinux alone insufficient.

While these mitigations reduce exposure, immediate upgrades remain the most effective defense. The advisories caution that CVE-2025-52881 can undermine even strong LSM-based defenses if the runtime is not patched.

Conclusion

The recent runC vulnerabilities and coordinated fixes across runtimes demonstrate the critical need for proactive, intelligence-driven cybersecurity. Organizations using Docker, Kubernetes, or other OCI-based platforms should promptly upgrade to the patched versions (v1.2.8, v1.3.3, or v1.4.0-rc.3) and carefully review container privileges to reduce risk. The research contributions from Lei Wang, Li Fubang, Tõnis Tiigi, and Aleksa Sarai highlight the importance of cross-runtime collaboration to prevent container escapes.
Complementing these efforts, Cyble’s AI-Native Threat Intelligence Platform, including Blaze AI, provides autonomous monitoring of vulnerabilities, threat prediction, and remediation, enabling security teams to stay ahead of attacks, protect critical assets, and maintain security defenses in complex containerized environments.
Analysis Summary
# Vulnerability: Multiple Critical Container Escape Flaws in runC via Bind Mount Race Conditions
## CVE Details
- CVE ID: CVE-2025-31133, CVE-2025-52565, CVE-2025-52881
- CVSS Score: 7.3 (for CVE-2025-52565 and CVE-2025-52881; the score for CVE-2025-31133 is implied to be high based on impact)
- CWE: Logic and race-condition errors in path resolution and mount handling.
## Affected Systems
- Products: runC (the OCI-compliant runtime for Docker, Kubernetes, and other container platforms).
- Versions: All known versions of runC before the patched releases.
  - CVE-2025-52565 specifically affects versions from 1.0.0-rc3 onward.
- Configurations: Systems where runC attempts to mask restricted files by bind-mounting safe inodes (like `/dev/null` or `/dev/console`).
## Vulnerability Description
These three vulnerabilities stem from logic and race-condition errors in how runC handles temporary bind mounts and path resolution during container initialization. Specifically, when runC tries to mask access to restricted files by bind-mounting safe inodes (e.g., `/dev/null` onto a target), an attacker can exploit flaws in how symbolic links (symlinks) are handled or race conditions during mounting.
1. **CVE-2025-31133 (Masked Paths):** Allows an attacker to replace a target path (intended to be mounted with `/dev/null`) with a symlink pointing to a sensitive host file, leading to that host path being mounted as read-write.
2. **CVE-2025-52565 (/dev/console Mounts):** Targets the bind mount of `/dev/console` to `/dev/pts/$n`. An attacker can replace `/dev/pts/$n` with a symlink, redirecting the mount to an arbitrary, sensitive file.
3. **CVE-2025-52881 (Procfs Write Bypass):** An advanced vector allowing redirection of write operations within procfs (e.g., to `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern`), effectively bypassing Linux Security Module (LSM) protections like AppArmor and SELinux.
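The common thread in all three flaws is that the runtime trusted a path (`/dev/null`, `/dev/pts/$n`) that the container's rootfs could swap for a symlink between the check and the mount. As an added example (not runC's own code, nor the fix described in the advisory), the check below opens the candidate bind-mount source with `O_NOFOLLOW` and verifies through `fstat` that it is the expected character device before anything is mounted; it assumes a POSIX host with `/dev/null` present, and the major:minor pair is passed in rather than hard-coded so it runs on any platform.

```python
import os
import stat
import tempfile


def verify_bind_source(path, expected_major_minor):
    """Open `path` without following symlinks and confirm it is the expected
    character device. Returns True only when the opened inode is a char device
    with that exact major:minor. A runtime would keep the fd and mount through
    it (e.g. /proc/self/fd/N) instead of re-resolving the path, closing the gap."""
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK | getattr(os, "O_CLOEXEC", 0)
    try:
        fd = os.open(path, flags)
    except OSError:
        # ELOOP: a symlink now sits where the device should be. Any failure to
        # open is a refusal; never fall back to a path-based mount.
        return False
    try:
        st = os.fstat(fd)
        actual = (os.major(st.st_rdev), os.minor(st.st_rdev))
        return stat.S_ISCHR(st.st_mode) and actual == tuple(expected_major_minor)
    finally:
        os.close(fd)


def demo_check():
    """Constructed fixture: the host's real /dev/null versus a symlink to it and
    a plain regular file; returns which candidate sources the check accepts."""
    st = os.stat("/dev/null")
    real_mm = (os.major(st.st_rdev), os.minor(st.st_rdev))
    with tempfile.TemporaryDirectory() as d:
        link = os.path.join(d, "null")        # a symlink standing in for the device
        os.symlink("/dev/null", link)
        regular = os.path.join(d, "regular")  # a regular file standing in for it
        open(regular, "w").close()
        return {
            "real_device": verify_bind_source("/dev/null", real_mm),
            "symlink": verify_bind_source(link, real_mm),
            "regular_file": verify_bind_source(regular, real_mm),
            "wrong_device": verify_bind_source("/dev/null", (real_mm[0] + 100, real_mm[1])),
        }
```

Only the real device passes; the symlink is rejected at `open()` time by `O_NOFOLLOW`, so the check never looks at where it points.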
## Exploitation
- Status: The description implies that exploitation leads to full container escapes and host-level compromise. Specific public PoC availability is not noted, but the researchers have demonstrated exploitability.
- Complexity: Medium to High (Requires precise timing for race conditions or placement of symlinks during initialization).
- Attack Vector: Local (Gained access inside a privileged or non-privileged container).
## Impact
- Confidentiality: High (Potential to read host files depending on exploited path).
- Integrity: Critical (Ability to alter kernel parameters or configuration files, e.g., via `/proc/sys/kernel/core_pattern`).
- Availability: Critical (Ability to crash the host system via triggers like `/proc/sysrq-trigger`).
## Remediation
### Patches
Organizations must upgrade to coordinated, patched versions of runC:
- **runC v1.2.8**
- **runC v1.3.3**
- **runC v1.4.0-rc.3**
*Note: Patches involve extensive changes in runC and the supporting library `filepath-securejoin`.*
### Workarounds
Immediate upgrade is strongly advised. If upgrading is delayed, these mitigations reduce risk but may not fully stop a determined attacker, especially where CVE-2025-52881 is involved:
1. **Privilege Restriction:** Configure containers to block the host root user from being mapped inside the container (using user namespace remapping).
2. **NoNewPrivileges:** Disable setuid binaries inside containers using the `noNewPrivileges` flag.
3. **LSM Configuration:** While not a complete fix (as CVE-2025-52881 can bypass them), maintaining strong AppArmor or SELinux policies is recommended as a defense-in-depth layer.
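As an added example (not from the runC project or the advisory), the helper below checks a `runc --version` string against the fixed releases listed above, handling the `-rc.N` pre-release ordering so that 1.4.0-rc.2 is reported unpatched while 1.4.0-rc.3 and 1.4.0 are not, and audits a parsed OCI `config.json` for the two configuration-level workarounds: `process.noNewPrivileges` and a user namespace mapping that keeps host uid 0 out of the container. The two config dicts are constructed for the example.

```python
import re

# Fixed releases named in the advisory.
FIXED_VERSIONS = ("1.2.8", "1.3.3", "1.4.0-rc.3")
_VER_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(?:-rc\.?(\d+))?")


def parse_runc_version(text):
    """Turn 'runc version 1.2.6', 'v1.3.3' or '1.4.0-rc.2' into a sortable
    tuple; a release candidate sorts below the final release it precedes."""
    m = _VER_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised runc version: {text!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch), int(rc) if rc else float("inf"))


def runc_is_patched(version_text):
    """True if the version is at or above the fix for its own minor series, or
    newer than every fixed release; older series (e.g. 1.1.x) count as unpatched."""
    v = parse_runc_version(version_text)
    for fixed in map(parse_runc_version, FIXED_VERSIONS):
        if v[:2] == fixed[:2]:
            return v >= fixed
    return v > parse_runc_version(FIXED_VERSIONS[-1])


def audit_oci_config(config):
    """Return the workarounds that a parsed OCI runtime config.json (a dict)
    fails to satisfy; an empty list means both are in place."""
    findings = []
    if not config.get("process", {}).get("noNewPrivileges", False):
        findings.append("process.noNewPrivileges is not true")
    uid_maps = config.get("linux", {}).get("uidMappings", [])
    if not uid_maps:
        findings.append("no uidMappings: container root is host root")
    elif any(m["hostID"] <= 0 < m["hostID"] + m["size"] for m in uid_maps):
        findings.append("uidMappings map host uid 0 into the container")
    return findings


# Constructed configs (not from any real deployment).
WEAK_CONFIG = {
    "process": {"noNewPrivileges": False},
    "linux": {"uidMappings": [{"containerID": 0, "hostID": 0, "size": 65536}]},
}
HARDENED_CONFIG = {
    "process": {"noNewPrivileges": True},
    "linux": {"uidMappings": [{"containerID": 0, "hostID": 100000, "size": 65536}]},
}
```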
## Detection
- **Detection Methods:** Monitor container initialization routines for unexpected bind mounts involving sensitive `/proc` paths or unexpected creation/manipulation of symlinks that could precede a mount operation. Look for processes attempting to write to files like `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` from within a container context.
- **Detection Tools:** Threat intelligence platforms monitoring vulnerability databases (like Cyble’s) should flag versions older than the patched releases.
## References
- Vendor Advisories: runC project advisories (NVD information referenced).