Local Privilege Escalation Vulnerability in Google gVisor's runsc Component
CVE-2025-2713
6.8 MEDIUM
Summary
The runsc component of Google gVisor contains a local privilege escalation vulnerability stemming from improper handling of file access permissions. This flaw allows unprivileged users to gain access to restricted files, as the process operates with root-like permissions prior to its first fork. The vulnerability could enable unauthorized information disclosure and alteration of sensitive files, underscoring the need for immediate attention and system updates.
Affected Version(s)
gVisor release-20250319.0
CVSS V4
Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved