CVE-2025-31133

CWE-61 CWE-363 CWE-5917 documents10 sources

Severity

7.3HIGH

EPSS

0.0%

top 97.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opencontainers Runc Github.com Opencontainers/runc Linuxfoundation Runc

Timeline

PublishedNov 6

Latest updateNov 24

Description

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of servic…

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Packages6 packages

▶CVEListV5opencontainers/runc< 1.2.8+4

▶Gogithub.com/opencontainers/runc1.3.0-rc.1 — 1.3.3+2

▶NVDlinuxfoundation/runc1.3.0 — 1.3.3+2

▶Debianrunc< 1.3.3+ds1-2

▶Ubunturunc-app< 1.3.3-0ubuntu1~22.04.2+5

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

runc-app, runc-stable regression↗2025-11-24

▶

OSV

Container escape via "masked path" abuse due to mount race conditions in github.com/opencontainers/runc↗2025-11-18

▶

CVEList

runc container escape via "masked path" abuse due to mount race conditions↗2025-11-06

▶

OSV

CVE-2025-31133: runc is a CLI tool for spawning and running containers according to the OCI specification↗2025-11-06

▶

OSV

runc container escape via "masked path" abuse due to mount race conditions↗2025-11-05

▶

📋Vendor Advisories

Microsoft

runc container escape via "masked path" abuse due to mount race conditions↗2025-11-11

▶

Red Hat

runc: container escape via 'masked path' abuse due to mount race conditions↗2025-11-05

▶

Ubuntu

runC vulnerabilities↗2025-11-04

▶

Debian

CVE-2025-31133: runc - runc is a CLI tool for spawning and running containers according to the OCI spec...↗2025

▶

🕵️Threat Intelligence

Bleepingcomputer

Dangerous runC flaws could allow hackers to escape Docker containers↗2025-11-09

▶

💬Community

Bugzilla

CVE-2025-31133 runc: container escape via 'masked path' abuse due to mount race conditions↗2025-10-17

▶

Bugzilla

CVE-2025-52565 runc: container escape with malicious config due to /dev/console mount and related races↗2025-10-17

▶