The Open Container Initiative (OCI) has released security updates to address three high-severity vulnerabilities affecting its container runtime runc, including flaws that could lead to container escape, denial of service, and privilege escalation on the host system.
The vulnerabilities—tracked as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881—impact all runc versions up to 1.2.7, 1.3.2, and 1.4.0-rc.2, and have been patched in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.
CVE-2025-31133: Masked Path Race Condition Enables Container Escape
The first vulnerability (CVSS 7.3) involves a mount race condition in runc’s implementation of maskedPaths, a feature designed to protect sensitive host directories by mounting a read-only tmpfs or binding /dev/null over specific system files.
According to OCI’s advisory, “The OCI runtime specification has a maskedPaths feature that allows for files or directories to be ‘masked’ by placing a mount on top of them to conceal their contents.”
However, researchers discovered that runc failed to verify that the source /dev/null was genuine, allowing attackers to replace it with a symlink to another file. OCI explains that this flaw “could lead to Host Denial of Service, Host Information Disclosure, or Container Escape.”
Attackers could, for example, bind-mount /proc/sysrq-trigger to gain write access to kernel controls, causing a system crash, or reconfigure /proc/sys/kernel/core_pattern to execute arbitrary commands as root on the host, achieving complete system compromise.
OCI classifies this issue as high severity, warning that “because maskedPaths is applied by almost all higher-level container runtimes… this flaw effectively allows any attacker that can spawn containers to achieve the above goals.”
CVE-2025-52565: Exploiting /dev/console Bind-Mounts for Escalation
The second flaw (CVSS 7.3) targets the bind-mount of /dev/pts/$n to /dev/console, which is configured by default for containers that allocate consoles.
OCI describes the issue as “a similar vulnerability in a different target (namely, the bind-mount of /dev/pts/$n to /dev/console).”
By exploiting race conditions during the mounting process, an attacker can cause runc to bind host paths that would normally be protected (such as /proc/sysrq-trigger or /proc/sys/kernel/core_pattern) into writable locations inside the container.
This enables either a denial of service (by crashing the host) or a privilege escalation (by manipulating the kernel core dump handler).
The vulnerability exists because “the /dev/console bind-mount happens before maskedPaths and readonlyPaths are applied,” OCI explained.
CVE-2025-52881: Arbitrary Write Gadgets and LSM Bypass
The third vulnerability, CVE-2025-52881 (CVSS 7.3), extends the impact of the earlier flaws by allowing arbitrary write redirection inside /proc, potentially bypassing Linux Security Module (LSM) protections such as AppArmor and SELinux.
The report states that “this attack is primarily a more sophisticated version of CVE-2019-19921,” enabling an attacker to trick runc into writing process labels or sysctl data to unintended kernel interfaces.
By exploiting shared mount namespaces and symbolic link manipulation, attackers can redirect these writes to critical kernel paths such as /proc/sysrq-trigger, forcing a host crash, or to /proc/sys/kernel/core_pattern to achieve code execution with root privileges.
OCI confirmed that “the fact that this attack allows you to disable LSM labels makes it a very useful attack to combine with CVE-2025-31133,” effectively nullifying AppArmor-based mitigations.
Mitigations and Recommendations
OCI recommends several mitigations while users apply patches:
- Enable user namespaces: “We strongly recommend all users use user namespaced containers. They have proven to be one of the best security hardening mechanisms against container breakouts.”
- Use non-root users inside containers: Configure containers to disallow root privileges, enable noNewPrivileges, and use unprivileged sysctl configurations to reduce risk.
- Avoid untrusted container images: “Do not run untrusted container images from unknown or unverified sources.”
- Use rootless containers where possible: OCI noted that “rootless containers can provide even more protection… as runc itself would be an unprivileged process.”
- AppArmor and SELinux configurations offer partial protection, but OCI warns that CVE-2025-52881 can bypass both under certain conditions.
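As an added example (not code from the OCI advisory or the runc project), the following Python checker audits an OCI runtime config.json against the mitigations listed above: a user namespace backed by uid/gid mappings, a non-root process user, noNewPrivileges, and coverage of the kernel interfaces this advisory names (/proc/sysrq-trigger and /proc/sys/kernel/core_pattern) by maskedPaths or readonlyPaths. The audit function and the sample config are hypothetical; the field names are the standard OCI runtime-spec ones.

```python
import json

# Kernel interfaces the advisory names as escape/DoS targets; a hardened
# config must keep them masked or read-only (the patched runc versions
# make applying these protections race-free, but they still must be set).
SENSITIVE_PROC_PATHS = ("/proc/sysrq-trigger", "/proc/sys/kernel/core_pattern")

def audit_oci_config(config: dict) -> list[str]:
    """Return findings for an OCI runtime config dict; empty means all checks pass."""
    findings = []
    process = config.get("process", {})
    linux = config.get("linux", {})

    # User namespaces: declared AND backed by uid/gid mappings.
    ns_types = {ns.get("type") for ns in linux.get("namespaces", [])}
    if "user" not in ns_types:
        findings.append("no user namespace: container root is host root")
    elif not (linux.get("uidMappings") and linux.get("gidMappings")):
        findings.append("user namespace without uid/gid mappings")

    # Non-root process inside the container (missing uid defaults to 0).
    if process.get("user", {}).get("uid", 0) == 0:
        findings.append("process runs as uid 0")

    # noNewPrivileges prevents gaining privileges via setuid/file capabilities.
    if not process.get("noNewPrivileges", False):
        findings.append("process.noNewPrivileges is not true")

    # Each sensitive path must equal, or sit under, a masked/read-only entry.
    covered = linux.get("maskedPaths", []) + linux.get("readonlyPaths", [])
    for path in SENSITIVE_PROC_PATHS:
        if not any(path == c or path.startswith(c.rstrip("/") + "/") for c in covered):
            findings.append(f"{path} is neither masked nor read-only")
    return findings

def audit_oci_config_file(path: str) -> list[str]:
    """Load a config.json from disk and audit it."""
    with open(path) as f:
        return audit_oci_config(json.load(f))

# Constructed sample: a config that follows the advisory's recommendations.
HARDENED = {
    "process": {"user": {"uid": 1000, "gid": 1000}, "noNewPrivileges": True},
    "linux": {
        "namespaces": [{"type": "user"}, {"type": "mount"}, {"type": "pid"}],
        "uidMappings": [{"containerID": 0, "hostID": 100000, "size": 65536}],
        "gidMappings": [{"containerID": 0, "hostID": 100000, "size": 65536}],
        "maskedPaths": ["/proc/kcore"],
        "readonlyPaths": ["/proc/sys", "/proc/sysrq-trigger"],
    },
}

if __name__ == "__main__":
    for line in audit_oci_config(HARDENED) or ["all checks passed"]:
        print(line)
```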