Three Critical Vulnerabilities in runC Enable Docker Container Escapes

Security researchers have identified three serious vulnerabilities in runC, the container runtime that powers Docker and Kubernetes. These flaws allow attackers to break out of container isolation and gain root access to the host system.

SUSE engineer Aleksa Sarai, who also serves on the Open Container Initiative (OCI) board, reported the vulnerabilities. They've been assigned identifiers CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881.

Understanding runC's Role

runC serves as the universal container runtime and reference implementation for the OCI specifications. It handles low-level container operations including process creation, namespace configuration, filesystem mounting, and cgroup management. This makes it the foundation for Docker, Kubernetes, and other container platforms.

The Vulnerabilities Explained

All three flaws share a common exploit path: they let attackers write data to the host system with root privileges. Here's how each vulnerability works:

CVE-2025-31133 exploits runC's use of bind mounts from /dev/null to mask critical host files. If an attacker replaces /dev/null with a symbolic link during container initialization, runC is tricked into mounting an attacker-controlled file with write permissions, which gives the container a writable path into /proc and enables the escape.

CVE-2025-52565 targets the /dev/console bind mount through race conditions combined with symbolic links. This combination also provides write access to procfs, leading to container escape.

CVE-2025-52881 manipulates runC into writing data to /proc that gets redirected to attacker-controlled files. In certain configurations, this bypasses Linux Security Module (LSM) protections and converts normal runC writes into arbitrary writes to dangerous system files like /proc/sysrq-trigger.

Affected Versions and Patches

CVE-2025-31133 and CVE-2025-52881 affect all runC versions. CVE-2025-52565 impacts version 1.0.0-rc3 and later releases.

Patches are available in runC versions 1.2.8, 1.3.3, 1.4.0-rc.3, and all subsequent releases.
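The fixed releases above map onto three branches, so "is this host patched?" is not a single string comparison. The following script is an added example, not code from the advisory, Sysdig or the runC project; it assumes version strings of the form "1.2.7", "1.4.0-rc.3", "1.0.0-rc3" or the first line printed by `runc --version`, and classifies each as patched or still vulnerable.

```sh
# Added example, not from the advisory, Sysdig or the runC project: classify a
# runC version string against the fixed releases named on this page (1.2.8,
# 1.3.3, 1.4.0-rc.3 and later). Assumes input of the form "1.2.7",
# "1.4.0-rc.3", "1.0.0-rc3" or the first line of `runc --version`.

# Turn a version into one sortable integer; an rc sorts below its final release.
runc_version_key() {
    v="${1#runc version }"          # accept "runc version 1.2.7" as printed by runc
    v="${v#v}"                      # tolerate a leading "v"
    core="${v%%-*}"                 # "1.4.0" from "1.4.0-rc.3"
    pre=""
    case "$v" in *-*) pre="${v#*-}" ;; esac
    rc=99                           # a final release outranks any rc of the same number
    case "$pre" in
        rc.[0-9]*) rc="${pre#rc.}" ;;   # modern "rc.3"
        rc[0-9]*)  rc="${pre#rc}"  ;;   # older "rc3" as in 1.0.0-rc3
    esac
    rc="${rc%%[!0-9]*}"             # drop any build suffix after the rc number
    IFS=. read -r major minor patch <<EOF
$core
EOF
    patch="${patch%%.*}"; : "${patch:=0}"
    echo $(( major * 1000000 + minor * 10000 + patch * 100 + rc ))
}

# Exit 0 when VERSION carries the fixes for CVE-2025-31133, CVE-2025-52565 and
# CVE-2025-52881, 1 when it is still vulnerable. 1.2.x and 1.3.x are compared
# against their own fixed release; everything else against 1.4.0-rc.3, so the
# older 1.0.x and 1.1.x lines (no fixed release named) always come out vulnerable.
runc_is_patched() {
    key=$(runc_version_key "$1")
    case $(( key / 10000 )) in        # major*100 + minor, e.g. 102 for 1.2.x
        102) [ "$key" -ge "$(runc_version_key 1.2.8)" ] ;;
        103) [ "$key" -ge "$(runc_version_key 1.3.3)" ] ;;
        *)   [ "$key" -ge "$(runc_version_key 1.4.0-rc.3)" ] ;;
    esac
}

# Stand-alone use: report the runC found on PATH, if any.
if command -v runc >/dev/null 2>&1; then
    installed=$(runc --version 2>/dev/null | head -n 1)
    if runc_is_patched "$installed"; then
        echo "OK: '$installed' carries the fixes"
    else
        echo "VULNERABLE: '$installed'; upgrade to 1.2.8, 1.3.3, 1.4.0-rc.3 or later"
    fi
fi
```

Run it on each node, or feed `runc_is_patched` the version strings collected by your inventory tooling, to find hosts still on an unpatched release.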

Exploitation Requirements

According to Sysdig security researchers, exploiting these vulnerabilities requires specific conditions. Attackers need the ability to run containers with custom mount configurations, which they can achieve through malicious container images or crafted Dockerfiles.

No active exploitation has been reported in production environments.

Detection and Mitigation

Sysdig recommends monitoring for suspicious activity involving symbolic links as a detection method for exploitation attempts.

The runC development team provides two primary mitigation strategies:

First, enable user namespaces for every container, without granting the container's root user root access on the host system. Unix Discretionary Access Control (DAC) then blocks the main attack vectors, because a user inside the namespace cannot access the critical host files these flaws target.

Second, deploy rootless containers wherever feasible. This reduces potential damage if vulnerabilities are exploited, since the container process runs without elevated privileges from the start.

Bottom Line

These vulnerabilities represent serious container security risks, but they require specific conditions to exploit. Organizations running Docker or Kubernetes should prioritize updating to patched runC versions and implementing the recommended security controls, particularly user namespace isolation and rootless container deployments where practical.