
Runtime behind Docker and Kubernetes contains three vulnerabilities

The US National Vulnerability Database (NVD) has recorded three new vulnerabilities in runC. This is the container runtime used as the reference implementation of the Open Container Initiative (OCI) specification by Docker and Kubernetes, among others.

The security vulnerabilities, registered as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881, make it possible to break through the separation between the container and the host system by manipulating mounts and symbolic links.

According to the description on nvd.nist.gov, the risk arises when an attacker influences the way mounts are created within a container. By using symlinks or race conditions, runC can unintentionally bind-mount files from the host system into the container, giving the container write access to sensitive host paths. This can lead to a complete container escape, allowing an attacker to execute code with root privileges on the host.

The vulnerabilities were discovered by SUSE developer and OCI board member Aleksa Sarai. In his explanation on GitHub, he describes how runC relies on temporary bind mounts of, for example, /dev/null or /dev/console to mask sensitive paths in certain situations.

If an attacker manages to place a symbolic link during container initialization, runC may accidentally mount an attacker-defined target. A symbolic link (symlink) is a file that acts as a reference or shortcut to another file or directory; programs that open it are transparently redirected to that target. This opens up the possibility of write operations in the /proc file system or other critical kernel interfaces.

Vulnerabilities now fixed

According to the NVD, CVE-2025-31133 and CVE-2025-52881 are considered universal and affect all runC versions, while CVE-2025-52565 specifically affects versions 1.0.0-rc3 and later. The vulnerabilities have now been fixed in runC versions 1.2.8, 1.3.3, and 1.4.0-rc.3 and later releases.
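As an added example (not from the article or the runC project), the following Python check classifies a runC version string against the fixed releases named above, so an inventory of `runc --version` output can be audited for nodes that still need the upgrade. It assumes the version format runc prints (e.g. `1.4.0-rc.3`), treats series newer than 1.4 as fixed per "and later releases", and treats the 1.1 series and older as unpatched because the article names no fixed release for them.

```python
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int, Optional[int]]  # (major, minor, patch, rc)

# Releases the advisory text names as carrying the fix for CVE-2025-31133,
# CVE-2025-52565 and CVE-2025-52881; each series is fixed from that version on.
FIXED_RELEASES = [
    (1, 2, 8, None),  # 1.2.8
    (1, 3, 3, None),  # 1.3.3
    (1, 4, 0, 3),     # 1.4.0-rc.3
]

_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(?:-rc\.?(\d+))?")


def parse_runc_version(text: str) -> Optional[Version]:
    """Extract the version from '1.4.0-rc.3' or the first line of
    `runc --version` ('runc version 1.2.7'); None if nothing matches."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch), int(rc) if rc else None)


def _order_key(v: Version):
    # A release candidate sorts before the final release of the same version.
    major, minor, patch, rc = v
    return (major, minor, patch, 0, rc) if rc is not None else (major, minor, patch, 1, 0)


def is_patched(version_text: str) -> bool:
    """True if this runc version carries the fix according to the advisory."""
    v = parse_runc_version(version_text)
    if v is None:
        raise ValueError(f"unrecognised runc version: {version_text!r}")
    for fixed in FIXED_RELEASES:
        if fixed[:2] == v[:2]:  # same minor series: compare within that series
            return _order_key(v) >= _order_key(fixed)
    # Assumption: series newer than 1.4 are fixed ("and later releases");
    # series older than 1.2 have no fixed release named, so treat as unpatched.
    return _order_key(v) >= _order_key(FIXED_RELEASES[-1])


def audit_nodes(inventory: Dict[str, str]) -> Dict[str, bool]:
    """Map node name -> patched? for a dict of `runc --version` first lines."""
    return {node: is_patched(out) for node, out in inventory.items()}


# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = {
    "node-a": "runc version 1.2.7",
    "node-b": "runc version 1.3.3",
    "node-c": "runc version 1.4.0-rc.2",
    "node-d": "runc version 1.1.15",
}

if __name__ == "__main__":
    for node, ok in audit_nodes(SAMPLE_INVENTORY).items():
        print(f"{node}: {'patched' if ok else 'UNPATCHED - upgrade runc'}")
```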

BleepingComputer reports that the bugs could theoretically be exploited via manipulated Docker images or custom container configurations. The site quotes researchers from Sysdig, who indicate that the attack is not trivial to execute, as the attacker must have the ability to start containers with specific mount options. However, when that condition is met, the effect is severe, as container isolation can be completely bypassed.

Sysdig writes in its analysis that the attack can be recognized by suspicious symlink activity during container startup. The company recommends that organizations monitor log files and audit data for such patterns. The researchers emphasize that there is no evidence to date that the vulnerabilities are being actively exploited in the wild, but that the combination of simplicity in the architecture layer and the high privileges of runC makes the risks significant.

The developers of runC recommend upgrading to the latest version as soon as possible and using additional security mechanisms where possible. Enabling user namespaces without mapping the host’s root user prevents processes within the container from having direct access to host resources. The use of rootless containers is also mentioned as an effective way to limit the impact of a potential exploit.