CVE-2025-24965Path Traversal in Crun

CWE-22Path Traversal5 documents5 sources
Severity
8.5HIGHNVD
EPSS
0.2%
top 55.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Containers Crun
Timeline
PublishedFeb 19

Description

crun is an open source OCI Container Runtime fully written in C. In affected versions A malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No special permissions are needed, only the ability for the current user to write to the target file. The problem is fixed in crun 1.20 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Packages1 packages

CVEListV5containers/crun< 1.20

🔴Vulnerability Details

2
OSV
CVE-2025-24965: crun is an open source OCI Container Runtime fully written in C2025-02-19
CVEList
.krun_config.json symlink attack creates or overwrites file on the host in crun2025-02-19

📋Vendor Advisories

2
Red Hat
crun: .krun_config.json symlink attack creates or overwrites file on the host in crun2025-02-19
Debian
CVE-2025-24965: crun - crun is an open source OCI Container Runtime fully written in C. In affected ver...2025
CVE-2025-24965 — Path Traversal in Containers Crun | cvebase