Critical runC Vulnerabilities Allow Container Escape in Docker, Kubernetes

Alan V Gutnov

Director of Strategy

November 11, 2025

TL;DR

  • This article details three critical vulnerabilities in runC, the container runtime for Docker and Kubernetes. These flaws (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) allow attackers to break container isolation and gain root access on host systems. It outlines affected and fixed versions, explains attack vectors, and provides essential mitigation strategies including immediate patching and security hardening.

runC Vulnerabilities Allow Container Isolation Bypass

Three severe vulnerabilities in runc, the container runtime powering Docker and Kubernetes, enable attackers to break container isolation and achieve root access on host systems. The flaws were disclosed by a SUSE researcher on November 5, 2025, affecting containerized environments worldwide.

The three CVEs—CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881—exploit weaknesses in runc’s mount operations and file protections during container creation. Attackers can leverage race conditions and symbolic link manipulation to bypass security restrictions, gaining the ability to write to critical system files that facilitate container escape. More details on GitHub Security Advisories.

Affected and Fixed Versions

CVE ID           Affected Versions      Fixed Versions
CVE-2025-31133   All known versions     1.2.8, 1.3.3, 1.4.0-rc.3+
CVE-2025-52565   1.0.0-rc3 and later    1.2.8, 1.3.3, 1.4.0-rc.3+
CVE-2025-52881   All known versions     1.2.8, 1.3.3, 1.4.0-rc.3+

[Image: vulnerable versions. Image courtesy of Cyberpress.org]

Patched versions are available in runC versions 1.2.8, 1.3.3, 1.4.0-rc.3, and later.
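To turn the version table into an inventory check, here is an added Python helper (not code from runc, Sysdig or the article's author) that parses `runc --version` output and decides whether a build is on or past 1.2.8, 1.3.3 or 1.4.0-rc.3, treating release candidates as older than the final release of the same number. The sample outputs are constructed, and it assumes every release line after 1.4 carries the fix.

```python
import re

# Fixed runc releases named in the advisories for CVE-2025-31133,
# CVE-2025-52565 and CVE-2025-52881, keyed by release line. Older lines
# (1.1.x and earlier) received no fix and must move to one of these.
FIXED = {
    (1, 2): (1, 2, 8, None),  # 1.2.8
    (1, 3): (1, 3, 3, None),  # 1.3.3
    (1, 4): (1, 4, 0, 3),     # 1.4.0-rc.3; later 1.4 builds are fixed too
}

_VER = r"v?(\d+)\.(\d+)\.(\d+)(?:-rc\.?(\d+))?"

def parse_runc_version(text):
    """Return (major, minor, patch, rc) from `runc --version` output or a
    bare version string. rc is None for a final release."""
    m = re.search(r"runc version\s+" + _VER, text) or re.match(_VER, text.strip())
    if not m:
        raise ValueError("no runc version found in %r" % text)
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch), None if rc is None else int(rc))

def _order_key(version):
    # A release candidate sorts before the final release of the same number.
    major, minor, patch, rc = version
    return (major, minor, patch, 1 if rc is None else 0, rc or 0)

def is_patched(version):
    """True if this runc build carries the fixes for all three CVEs."""
    line = version[:2]
    if line > (1, 4):  # assumption: every later release line is fixed
        return True
    fixed = FIXED.get(line)
    return fixed is not None and _order_key(version) >= _order_key(fixed)

def audit(outputs):
    """Map host -> 'patched'/'VULNERABLE' for captured `runc --version` outputs."""
    return {host: "patched" if is_patched(parse_runc_version(out)) else "VULNERABLE"
            for host, out in outputs.items()}

# Constructed sample outputs, not captured from real hosts.
SAMPLE_OUTPUTS = {
    "node-a": "runc version 1.2.7\ncommit: v1.2.7-0-g0000000\nspec: 1.2.0",
    "node-b": "runc version 1.3.3\ncommit: v1.3.3-0-g0000000\nspec: 1.2.1",
    "node-c": "runc version 1.4.0-rc.2",
    "node-d": "runc version 1.1.12-0ubuntu2",
}
```

Distribution packages sometimes backport fixes under an older version string, so a VULNERABLE result for a vendor build should be confirmed against the vendor's advisory.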

Attack Vectors and Technical Details

The most likely attack vector involves malicious container images or Dockerfiles with custom mount configurations. Each vulnerability circumvents container security in a different way. Sysdig notes that attempts to exploit any of the three issues can be detected by monitoring for suspicious symlink behavior.

  • CVE-2025-31133 targets the maskedPaths feature, which prevents containers from accessing sensitive host files. Attackers replace /dev/null with a symbolic link during container creation, tricking runc into mounting arbitrary host paths. This allows writes to critical files like /proc/sys/kernel/core_pattern, enabling system compromise. More on GHSA-9493-h29p-rfm2.
  • CVE-2025-52565 exploits insufficient validation when runc bind-mounts /dev/pts/$n over /dev/console. The vulnerability lets attackers redirect the mount before the security protections are applied, granting unauthorized write access to protected procfs files. This bypass undermines container isolation boundaries. Details on GHSA-qw9x-cqr3-wc7r.
  • CVE-2025-52881 abuses race conditions with shared mounts to redirect runc writes to /proc files. Attackers can manipulate dangerous system files such as /proc/sysrq-trigger, potentially crashing systems or enabling container escape through privilege escalation. See GHSA-cgrx-mc8f-2prm for more.

Mitigation and Detection

Organizations running Docker, Kubernetes, or any services using runc must upgrade immediately to patched versions 1.2.8, 1.3.3, or 1.4.0-rc.3 and later. The widespread use of runc across containerized infrastructure makes these vulnerabilities particularly dangerous.

The runc developers also shared mitigation actions, which include enabling user namespaces for all containers without mapping the host root user into the container's namespace. This precaution should block the most important parts of the attack, because Unix DAC permissions prevent the namespaced (unprivileged on the host) user from accessing the relevant files. More information can be found on Sysdig.

Sysdig also recommends using rootless containers, if possible, to reduce the potential damage from exploiting a vulnerability. Additional mitigations and detections are available.
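To verify that a container's OCI runtime spec (runc's config.json) actually applies the user-namespace mitigation described above, here is an added Python checker, not code from runc or Sysdig: it requires a user namespace and rejects any uidMappings or gidMappings range that covers host ID 0. The two config fragments are constructed and contain only the fields the check reads.

```python
import json

def host_root_mapped(mappings):
    """True if any uid/gid mapping range covers host ID 0 (host root)."""
    return any(m["hostID"] <= 0 < m["hostID"] + m["size"] for m in mappings)

def check_user_namespace(config):
    """Inspect an OCI runtime spec dict for the mitigation: a user namespace
    exists and host root is not mapped into it. Returns a list of findings;
    an empty list means the configuration is OK."""
    findings = []
    linux = config.get("linux", {})
    user_ns = [ns for ns in linux.get("namespaces", []) if ns.get("type") == "user"]
    if not user_ns:
        return ["no user namespace: container root is host root (uid 0)"]
    if user_ns[0].get("path"):
        # Joining an existing namespace: its mappings are not in this file.
        return ["joins existing user namespace %s; verify its mappings separately" % user_ns[0]["path"]]
    for key in ("uidMappings", "gidMappings"):
        maps = linux.get(key, [])
        if not maps:
            findings.append("%s missing: namespace has no ID mapping" % key)
        elif host_root_mapped(maps):
            findings.append("%s maps host ID 0 into the container" % key)
    return findings

# Constructed config fragments (only the fields the check reads).
WEAK_CONFIG = json.loads("""{
  "ociVersion": "1.2.0",
  "linux": {"namespaces": [{"type": "pid"}, {"type": "mount"}, {"type": "network"}]}
}""")

HARDENED_CONFIG = json.loads("""{
  "ociVersion": "1.2.0",
  "linux": {
    "namespaces": [{"type": "pid"}, {"type": "mount"}, {"type": "network"}, {"type": "user"}],
    "uidMappings": [{"containerID": 0, "hostID": 100000, "size": 65536}],
    "gidMappings": [{"containerID": 0, "hostID": 100000, "size": 65536}]
  }
}""")

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, check_user_namespace(cfg) or ["ok"])
```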

Container operators should audit deployed environments for suspicious mount configurations and monitor for container escape attempts. Additionally, organizations should implement strict image scanning policies to detect malicious Dockerfiles attempting these exploitation techniques. More information on container security.

Falco Rule for Detection

Sysdig Secure and Falco users can detect exploitation of these vulnerabilities by monitoring suspicious symlink behaviors. The Falco rule shown below is experimental and can detect CVE-2025-31133 and CVE-2025-52565 activity. More details on Falco.

- rule: Create Symlink Over Procfs Files
  desc: This rule detects the creation of symbolic links over sensitive files, which could lead to container escape when runc is vulnerable to CVE-2025-31133 and CVE-2025-52565. An attacker could exploit these vulnerabilities to escape from container boundaries or cause a denial-of-service attack.
  condition: >
    create_symlink and
    ((evt.arg.target in ("/proc/sysrq-trigger", "/proc/sys/kernel/core_pattern") and evt.arg.linkpath contains "/dev/null") or
     (evt.arg.target in ("/proc/sysrq-trigger", "/proc/sys/kernel/core_pattern") and evt.arg.linkpath startswith "/dev/pts/"))
  output: >
    Symlinks created over files that could lead to container escape in runc as per CVE-2025-31133 and CVE-2025-52565 by process %proc.name with parent %proc.pname under user %user.name executed on %container.name (evt.arg.target=%evt.arg.target evt.arg.linkpath=%evt.arg.linkpath proc.name=%proc.name proc.cmdline=%proc.cmdline proc.exepath=%proc.exepath proc.pname=%proc.pname proc.pcmdline=%proc.pcmdline proc.pexepath=%proc.pexepath gparent=%proc.aname[2] user.name=%user.name image=%container.image.repository:%container.image.tag proc.pid=%proc.pid proc.cwd=%proc.cwd proc.ppid=%proc.ppid proc.sid=%proc.sid user.uid=%user.uid user.loginname=%user.loginname group.name=%group.name container.id=%container.id container.name=%container.name)
  priority: CRITICAL
  tags: [host]

Remediation Steps

Affected organizations should upgrade runC to version 1.1.12 or later, which remediates all three CVEs. Distributions that bundle runC — such as containerd, Docker Engine, and Kubernetes distributions like GKE or EKS — are also rolling out patched versions. More information on patching and mitigation.

Security teams should:

  1. Identify and inventory all assets that rely on runC and container runtimes.
  2. Apply vendor patches or rebuild container runtimes with the updated runC.
  3. Audit workloads for excessive privileges and container configurations that enable volume mounts or host path access.
  4. Implement runtime protections such as SELinux, AppArmor, and seccomp profiles to provide defense-in-depth against container exploits.
  5. Use container security tools to monitor for suspicious behavior at the host-container boundary. More on container security tools.

Official GitHub Security Advisories

  • GHSA-9493-h29p-rfm2 (CVE-2025-31133)
  • GHSA-qw9x-cqr3-wc7r (CVE-2025-52565)
  • GHSA-cgrx-mc8f-2prm (CVE-2025-52881)