Container Misconfiguration Vulnerability in runc Tool by Open Containers Initiative
CVE-2025-52881

7.3HIGH

Key Information:

Vendor

Opencontainers

Status
Runc
Vendor
CVE Published:
6 November 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-52881?

The runc tool, designed to manage container lifecycle for OCI-compliant containers, faces a vulnerability that allows attackers to manipulate the expected behavior of the container's filesystem. This is achieved by creating a racing condition where writes intended for specific procfs files are redirected to others, potentially exposing sensitive data or leading to unintended side effects. This misdirection can be exploited using shared mounts and symbolic links in a tmpfs, leveraging Docker build configurations. The issue has been addressed in subsequent versions, ensuring that write operations adhere to strict checks for procfs file integrity.

Affected Version(s)

runc <= 1.2.7, < 1.2.8 < 1.2.7, 1.2.8

runc <= 1.3.2, < 1.3.3 < 1.3.2, 1.3.3

runc <= 1.4.0-rc.2, < 1.4.0-rc.3 < 1.4.0-rc.2, 1.4.0-rc.3

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

proxmox-lxc-docker-fix
Created by jq6l43d1

References

https://github.com/opencontainers/runc/security/advisorie...
x_refsource_CONFIRM
https://github.com/opencontainers/runc/security/advisorie...
x_refsource_MISC
https://github.com/opencontainers/runc/security/advisorie...
x_refsource_MISC

CVSS V4

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-52881 : Container Misconfiguration Vulnerability in runc Tool by Open Containers Initiative