Three high-severity vulnerabilities in runc, the low-level container runtime used by default under Docker and most Kubernetes distributions, have been disclosed. Each allows a container to break out of its isolation and compromise the host.
Disclosed on November 5, 2025, by SUSE engineer and runc maintainer Aleksa Sarai, the flaws (CVE-2025-31133, CVE-2025-52565 and CVE-2025-52881) abuse symlinks, mount redirection and race conditions during container startup to defeat runc's isolation safeguards.
No public exploits have surfaced yet, but a malicious container image is enough to deliver any of the three, so unpatched production clusters that run third-party images are the likely targets.
runc is the OCI (Open Container Initiative) reference runtime: the component that containerd, CRI-O and Docker call to actually create and start each container.
All three vulnerabilities stem from runc performing privileged mount and procfs operations during container setup while parts of the container's filesystem are already under the attacker's control. Mounts and writes that runc intends for the container end up on procfs files that are not namespaced and therefore affect the whole host, which is what turns a container process into host root.
An attacker needs nothing more than a container started from an image or mount configuration they control, for example an image pulled from an untrusted registry, a tainted Dockerfile, or a pod spec submitted to a cluster that accepts third-party workloads.
That makes multi-tenant Kubernetes clusters and Docker hosts running other people's images the main exposure.
Vulnerability Breakdown
CVE-2025-31133: maskedPaths abuse
runc implements maskedPaths, which hides sensitive procfs files such as /proc/kcore from the container, by bind-mounting the container's /dev/null over each listed path.
If /dev/null inside the container is a symlink, whether shipped in the image or swapped in by racing runc during startup, runc follows it and bind-mounts the symlink's target read-write instead of the real null device.
Pointing that symlink at /proc/sys/kernel/core_pattern, which procfs does not namespace, gives the container a writable handle on the host-wide core-dump handler. From there an attacker can have a command run as host root on the next crash, or simply crash processes for denial of service.
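As an added illustration (this is not runc code and not part of the original disclosure), the following Go program checks an unpacked image rootfs for the static form of this precondition: a /dev/null, or any entry under /dev, that is a symlink, and whether its target lies under /proc. It assumes the rootfs has been exported to a directory (for example with docker export) and that symlink targets are read as they would resolve inside the container. It does not cover the race variant, in which a process inside the container swaps /dev/null while runc is still setting up.

```go
// Added example (not runc's code): flag image rootfs layouts that would let
// runc's maskedPaths logic bind-mount a procfs file instead of /dev/null.
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// finding describes one symlink found directly under <rootfs>/dev.
type finding struct {
	Path   string // path as it would appear inside the container, e.g. /dev/null
	Target string // raw symlink target stored in the image
	Procfs bool   // true when the target resolves under /proc
}

// resolveInImage interprets a symlink target relative to the image root:
// absolute targets are taken as-is, relative ones are joined to the link's
// directory. Assumption: the directory is /dev, since that is all we scan.
func resolveInImage(target string) string {
	if filepath.IsAbs(target) {
		return filepath.Clean(target)
	}
	return filepath.Clean(filepath.Join("/dev", target))
}

// scanDevSymlinks lists every symlink directly under <rootfs>/dev and marks
// the ones pointing into procfs. Assumption: rootfs is an unpacked image
// filesystem (e.g. from `docker export`), so targets mean what they would
// mean inside the container, not on the scanning host.
func scanDevSymlinks(rootfs string) ([]finding, error) {
	dev := filepath.Join(rootfs, "dev")
	entries, err := os.ReadDir(dev)
	if err != nil {
		if os.IsNotExist(err) {
			return nil, nil // an image without /dev is normal
		}
		return nil, err
	}
	var out []finding
	for _, e := range entries {
		if e.Type()&os.ModeSymlink == 0 {
			continue
		}
		target, err := os.Readlink(filepath.Join(dev, e.Name()))
		if err != nil {
			return nil, err
		}
		resolved := resolveInImage(target)
		out = append(out, finding{
			Path:   "/dev/" + e.Name(),
			Target: target,
			Procfs: resolved == "/proc" || strings.HasPrefix(resolved, "/proc/"),
		})
	}
	return out, nil
}

// devNullIsSymlink is the narrow CVE-2025-31133 check: runc masks paths by
// bind-mounting /dev/null over them, so a symlinked /dev/null redirects every
// one of those bind mounts to the symlink's target.
func devNullIsSymlink(rootfs string) (bool, string, error) {
	p := filepath.Join(rootfs, "dev", "null")
	fi, err := os.Lstat(p)
	if err != nil {
		if os.IsNotExist(err) {
			return false, "", nil
		}
		return false, "", err
	}
	if fi.Mode()&os.ModeSymlink == 0 {
		return false, "", nil
	}
	target, err := os.Readlink(p)
	return true, target, err
}

func main() {
	// Constructed sample rootfs: one hostile /dev/null, one hostile relative
	// link, one benign relative link. Real use: point at an exported image.
	root, err := os.MkdirTemp("", "rootfs-")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	must := func(err error) {
		if err != nil {
			panic(err)
		}
	}
	must(os.MkdirAll(filepath.Join(root, "dev"), 0o755))
	must(os.Symlink("/proc/sys/kernel/core_pattern", filepath.Join(root, "dev", "null")))
	must(os.Symlink("../proc/sysrq-trigger", filepath.Join(root, "dev", "console")))
	must(os.Symlink("pts/0", filepath.Join(root, "dev", "tty0")))

	findings, err := scanDevSymlinks(root)
	must(err)
	for _, f := range findings {
		fmt.Printf("%-13s -> %-28s procfs=%v\n", f.Path, f.Target, f.Procfs)
	}
	if ok, target, _ := devNullIsSymlink(root); ok {
		fmt.Println("REJECT image: /dev/null is a symlink to", target)
	}
}
```

A /dev/null that is anything other than a character device is reason enough to reject an image; the procfs check only tells you how bad the intent is. Run this in the admission path, before an image is ever handed to runc, because by the time the container starts the bind mount has already happened.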
CVE-2025-52565: /dev/console mount race
runc gives the container a terminal by bind-mounting the allocated pty, /dev/pts/$n, over /dev/console, and it does this before the maskedPaths and readonlyPaths protections are applied.
By racing runc at that moment (or pre-placing a symlink for /dev/console in the image) an attacker can redirect where that bind mount lands, so the later protections are applied to the wrong mount and a writable procfs path is left exposed.
As with CVE-2025-31133, the practical target is /proc/sys/kernel/core_pattern and the outcome is a container breakout. This flaw affects runc 1.0.0-rc3 and later.
CVE-2025-52881: procfs write redirection
The most general of the three. While setting up a container, runc writes to procfs: sysctl values under /proc/sys, and the LSM labels under /proc/self/attr that apply the container's AppArmor or SELinux profile. With a shared mount an attacker can race runc so that these writes land on a different procfs file than the one intended.
Redirecting a write to /proc/sysrq-trigger crashes the kernel; redirecting it to /proc/sys/kernel/core_pattern yields a breakout. Because the LSM label writes are among those that can be diverted, the confinement AppArmor or SELinux would normally impose on the container can be bypassed as well, and every procfs write runc performs is a candidate.
Impact and Scope
Every released runc version is affected by CVE-2025-31133 and CVE-2025-52881; CVE-2025-52565 affects 1.0.0-rc3 and later.
The fixes ship in runc 1.2.8, 1.3.3 and 1.4.0-rc.3, and in everything after them on each branch. Managed platforms such as AWS EKS and ECS have already rolled out patched runtimes, but self-managed and legacy hosts lag behind. The vendor CVSS scores sit around 7.3 (High), which understates the outcome: a successful exploit is full host takeover.
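As an added example (not runc project code and not a vendor scanner), here is a Go program that classifies runc version strings, including the first line of runc --version output, against the fixed releases listed above. Two assumptions are built in and marked in the code: branches newer than 1.4 are treated as carrying the fix, and branches older than 1.2, for which no fixed release is listed, are treated as vulnerable.

```go
// Added example (not runc project code): classify runc version strings against
// the fixed releases for CVE-2025-31133, CVE-2025-52565 and CVE-2025-52881.
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// version is major.minor.patch plus an optional rc number; rc == 0 is a final
// release, which sorts after any rc of the same base.
type version struct{ major, minor, patch, rc int }

// Accepts "1.2.8", "v1.3.3", "1.4.0-rc.3", the older "1.0.0-rc93" form, and
// the "runc version 1.2.7" line printed by `runc --version` (first match wins,
// so the "spec:" line further down that output is ignored).
var versionRe = regexp.MustCompile(`v?(\d+)\.(\d+)\.(\d+)(?:-rc\.?(\d+))?`)

func parseVersion(s string) (version, error) {
	m := versionRe.FindStringSubmatch(s)
	if m == nil {
		return version{}, fmt.Errorf("no runc version found in %q", s)
	}
	var v version
	v.major, _ = strconv.Atoi(m[1])
	v.minor, _ = strconv.Atoi(m[2])
	v.patch, _ = strconv.Atoi(m[3])
	if m[4] != "" {
		v.rc, _ = strconv.Atoi(m[4])
	}
	return v, nil
}

// atLeast reports v >= o, treating a final release as newer than any rc of
// the same base and rc.N as older than rc.N+1.
func (v version) atLeast(o version) bool {
	for _, d := range [][2]int{{v.major, o.major}, {v.minor, o.minor}, {v.patch, o.patch}} {
		if d[0] != d[1] {
			return d[0] > d[1]
		}
	}
	switch {
	case v.rc == o.rc:
		return true
	case v.rc == 0:
		return true // final release beats any rc
	case o.rc == 0:
		return false
	}
	return v.rc > o.rc
}

// Fixed releases from the advisories, and the first release affected by
// CVE-2025-52565.
var (
	fix12      = version{1, 2, 8, 0}
	fix13      = version{1, 3, 3, 0}
	fix14      = version{1, 4, 0, 3} // 1.4.0-rc.3
	first52565 = version{1, 0, 0, 3} // 1.0.0-rc3
)

// patched reports whether v carries all three fixes. Assumptions: branches
// newer than 1.4 are treated as fixed; branches older than 1.2, for which no
// fix is listed, are treated as vulnerable.
func patched(v version) bool {
	switch {
	case v.major > 1:
		return true
	case v.major < 1:
		return false
	case v.minor > 4:
		return true
	case v.minor == 4:
		return v.atLeast(fix14)
	case v.minor == 3:
		return v.atLeast(fix13)
	case v.minor == 2:
		return v.atLeast(fix12)
	}
	return false
}

// affectedCVEs returns the CVEs a runc version string is exposed to; an empty
// result means the version is patched.
func affectedCVEs(s string) ([]string, error) {
	v, err := parseVersion(s)
	if err != nil {
		return nil, err
	}
	if patched(v) {
		return nil, nil
	}
	cves := []string{"CVE-2025-31133", "CVE-2025-52881"}
	if v.atLeast(first52565) {
		cves = append(cves, "CVE-2025-52565")
	}
	return cves, nil
}

func main() {
	// Constructed sample inventory; in practice feed it `runc --version`
	// output collected from each node.
	for _, s := range []string{"runc version 1.2.7", "1.3.3", "1.4.0-rc.2", "1.1.12", "1.0.0-rc92"} {
		cves, err := affectedCVEs(s)
		if err != nil {
			fmt.Println(err)
		} else if len(cves) == 0 {
			fmt.Printf("%-20s patched\n", s)
		} else {
			fmt.Printf("%-20s VULNERABLE: %s\n", s, strings.Join(cves, ", "))
		}
	}
}
```

The rc handling matters here: 1.4.0-rc.2 is vulnerable while 1.4.0-rc.3 and 1.4.0 are fixed, and a naive string comparison gets that wrong. Distribution packages that backport the fix without bumping the upstream version will show as vulnerable; check the package changelog for those rather than trusting the version alone.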
Detection and Mitigation
Sysdig and Falco users can write rules that alert when a process inside a container creates a symlink whose target is under /proc, or that manipulates /dev/null or /dev/pts/ paths during startup; those are the precursors all three attacks share.
For inventory, record the runc version actually used by containerd, CRI-O or Docker on every node (runc --version) and compare it with the fixed releases, or use a scanner such as Sysdig Secure's Threat Intelligence to do the same at scale.
Mitigate by updating runc immediately. Where updating lags, run containers in user namespaces (Docker's userns-remap, or hostUsers: false in a Kubernetes pod spec where the cluster supports it) or in rootless mode: writes to non-namespaced procfs files such as core_pattern are rejected for a user that is not host root, which blunts all three flaws.
Scrutinize the images you admit, and apply vendor updates: Red Hat, Ubuntu and SUSE have all published advisories. In Kubernetes, a RuntimeClass can route untrusted workloads to a hardened or sandboxed runtime configuration.
As container adoption keeps growing, these runc flaws are a reminder that container isolation rests on the runtime getting every mount-setup step right. Audit your runtimes now rather than after a breach.
For the full details, see the GitHub advisories GHSA-9493-h29p-rfm2, GHSA-qw9x-cqr3-wc7r and GHSA-cgrx-mc8f-2prm.