Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Runc Vulnerabilities Can Be Exploited to Escape Containers

The flaws tracked as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881 have been patched.

Several vulnerabilities discovered recently in the Runc container runtime can be exploited to escape containers and gain root access to the host system.

Runc is the low-level tool designed for creating and running containers. It’s used by Kubernetes, Docker, and other platforms. 

Aleksa Sarai of SUSE Linux revealed last week that he and several other researchers discovered and reported potentially serious vulnerabilities that can lead to “full container breakouts”.

Runc updates that should patch the vulnerabilities have been released. Some affected vendors were notified ahead of public disclosure, and companies such as Red Hat and AWS have released their own advisories to inform customers of the impact of the security holes. 

The vulnerabilities are tracked as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881, and they can be exploited using malicious containers. 

“[The] attacks rely on starting containers with custom mount configurations — if you do not run untrusted container images from unknown or unverified sources then these attacks would not be possible to exploit,” Sarai noted.

Advertisement. Scroll to continue reading.

The vulnerabilities have all been assigned a CVSS score of 4.0, which puts them in the ‘medium severity’ category. However, Sarai pointed out that these scores “are based on the threat model from *runc’s point of view*” and their severity would be much higher from the perspective of “network-enabled systems like Docker or Kubernetes”.

While there is no evidence of in-the-wild exploitation, security companies such as Sysdig have added exploitation detections to their products.

Related: Echo Raises $15M in Seed Funding for Vulnerability-Free Container Images

Related: Exposed Docker APIs Likely Exploited to Build Botnet

Related: Trend Micro Flags Incomplete Nvidia Patch That Leaves AI Containers Exposed

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.