CVE-2025-52881
BaseFortify
Publication date: 2025-11-06
Last updated on: 2025-12-03
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linuxfoundation | runc | to 1.2.8 (exc) |
| linuxfoundation | runc | From 1.3.0 (inc) to 1.3.3 (exc) |
| linuxfoundation | runc | 1.4.0 |
| linuxfoundation | runc | 1.4.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-363 | The product checks the status of a file or directory before accessing it, which produces a race condition in which the file can be replaced with a link before the access is performed, causing the product to access the wrong file. |
| CWE-61 | The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in runc allows an attacker to trick runc into misdirecting writes to /proc to other procfs files by exploiting a race condition with containers that share mounts. This can be done using symbolic links in tmpfs or other methods like bind-mounts. The issue affects certain versions of runc and is fixed in later versions.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to redirect writes intended for /proc to other procfs files, potentially leading to unauthorized modification of system files or data within containers. This could compromise container isolation and security, leading to privilege escalation or data integrity issues.
What immediate steps should I take to mitigate this vulnerability?
Upgrade runc to version 1.2.8, 1.3.3, or 1.4.0-rc.3 or later, as these versions contain the fix for this vulnerability.