Security researchers have revealed three serious vulnerabilities in runC, the Open Container Initiative (OCI)-compliant runtime that powers platforms such as Docker and Kubernetes, which could allow attackers to break container isolation and gain control of the host system. The flaws, tracked as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881, stem from weaknesses in how runC manages temporary bind mounts, symbolic links (symlinks), and certain write operations. Together, they can be exploited to achieve complete container escapes and even host-level compromises.
According to the U.S. National Vulnerability Database (NVD) and the runC project’s own advisories, these vulnerabilities arise from logic and race-condition errors within runC’s path resolution and mount handling. The issue occurs when runC attempts to mask access to restricted files by bind-mounting safe inodes such as /dev/null or /dev/console.
If an attacker introduces a symlink or triggers a race condition during container initialization, the runtime may accidentally mount an attacker-specified target path, granting write access to critical host system files. This misconfiguration can expose kernel interfaces such as /proc/sys/kernel/core_pattern or /proc/sysrq-trigger, which, if modified, can be used to crash the host or escape the container environment entirely.
Aleksa Sarai, a developer at SUSE and member of the OCI Technical Board, explained that runC’s method for masking files is vulnerable because of how it interacts with symbolic links during initialization. “If an attacker places a symlink at the right time, runC may inadvertently mount an attacker-defined target, creating dangerous write access to critical kernel interfaces in /proc,” Sarai warned. The advisories emphasize that all three vulnerabilities could permit full container breakouts by bypassing runC’s intended restrictions.
Details of all the Vulnerabilities: CVE-2025-31133, CVE-2025-52565 and CVE-2025-52881
CVE-2025-31133 involves how runC implements “masked paths.” When the runtime bind-mounts /dev/null over a file to block access, an attacker can replace /dev/null with a symlink to a sensitive host file. This can cause runC to mount that host path as read-write, enabling an attacker to alter kernel parameters or trigger system crashes through /proc/sysrq-trigger. This vulnerability impacts all known versions of runC before the latest patches.
CVE-2025-52565 is a similar issue that targets /dev/console mounts. When runC attempts to bind /dev/console to /dev/pts/$n, an attacker who replaces /dev/pts/$n with a symlink can cause the bind-mount to target a different file. This vulnerability affects all versions of runC from 1.0.0-rc3 onward. Like CVE-2025-31133, it can be exploited to create read-write binds to critical procfs files, resulting in container breakout. The flaw has a CVSS score of 7.3.
While addressing CVE-2025-52565, developers also identified potential risks in how runC used file creation functions. Though these were not directly exploitable, fixes were included as a precaution. Additional mitigations were also applied to reduce race conditions in /dev/pts/$n, even though they are largely hypothetical in most deployments.
CVE-2025-52881 represents a more advanced attack vector that builds on previous runC vulnerabilities. It allows an attacker to redirect write operations within procfs, bypassing Linux Security Module (LSM) protections such as AppArmor and SELinux. This could enable malicious writes to files like /proc/sysrq-trigger, causing host crashes, or to /proc/sys/kernel/core_pattern, facilitating a container escape.
This vulnerability affects all known versions of runC and has a CVSS score of 7.3. Researchers note that CVE-2025-52881 can pair with the other two flaws to simplify exploitation, acting as an LSM bypass that allows arbitrary writes to host files.
Fixes, Versions, and Mitigation
The vulnerabilities have been addressed in runC v1.2.8, v1.3.3, and v1.4.0-rc.3. The patches introduce extensive code changes not only to runC itself but also to the supporting library filepath-securejoin, which handles secure path resolution. Maintainers strongly advise vendors and users to upgrade directly to these versions rather than applying individual patches, as the fixes are interdependent and cover overlapping issues across the three CVEs.
Recommended mitigations include:
- By preventing the host root user from being mapped inside the container, unauthorized writes to procfs files are blocked by standard Unix permissions.
- Containers should be configured with restricted privileges, and setuid binaries should be disabled using the noNewPrivileges flag.
- SELinux may help limit exposure in certain cases, but CVE-2025-52881 can bypass LSM protections, making AppArmor or SELinux alone insufficient.
While these mitigations reduce exposure, immediate upgrades remain the most effective defense. The advisories caution that CVE-2025-52881 can undermine even strong LSM-based defenses if the runtime is not patched.
Conclusion
The recent runC vulnerabilities and coordinated fixes across runtimes demonstrate the critical need for proactive, intelligence-driven cybersecurity. Organizations using Docker, Kubernetes, or other OCI-based platforms should promptly upgrade to the patched versions (v1.2.8, v1.3.3, or v1.4.0-rc.3) and carefully review container privileges to reduce risk. The research contributions from Lei Wang, Li Fubang, Tõnis Tiigi, and Aleksa Sarai highlight the importance of cross-runtime collaboration to prevent container escapes.
Complementing these efforts, Cyble’s AI-Native Threat Intelligence Platform, including Blaze AI, provides autonomous monitoring of vulnerabilities, threat prediction, and remediation, enabling security teams to stay ahead of attacks, protect critical assets, and maintain security defenses in complex containerized environments.
Book a personalized demo to see how Cyble can detect threats and protect your assets in real time.
