Critical runC Vulnerabilities Enable Container Escape and Host Compromise

Critical runC Vulnerabilities Enable Container Escape and Host Compromise

First seen 23 Nov 2025, 03:35 UTC BleepingcomputerCybersecuritynewsCsoonlineThecyberexpressUbuntu 83% similarity 37.1

Article Content

Browse articles
ThreatCluster

Security researchers disclosed three critical vulnerabilities in runC, the container runtime used by Docker and Kubernetes, allowing attackers to escape container isolation and gain root access to host systems. The vulnerabilities, tracked as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881, exploit weaknesses in handling masked paths and bind mounts. These flaws affect nearly all versions of runC and pose significant risks to cloud-native environments.

ThreatCluster AI

Community

Browse all →