New runc vulnerabilities allow container escape: CVE-2025-31133, CVE-2025-52565, CVE-2025-52881
Falco Feeds extends the power of Falco by giving open source-focused companies access to expert-written rules that are continuously updated as new threats are discovered.
On November 5, 2025, three vulnerabilities were disclosed by a researcher from SUSE affecting runc, the container runtime used by Docker, Kubernetes, and other platforms. These vulnerabilities may allow attackers to bypass container isolation, though no active exploits have been identified at the time of this publication. By using race mount conditions and procfs write redirects, an attacker could gain root access to the host system.
These vulnerabilities require the ability to start containers with custom mount configurations, making untrusted container images and Dockerfiles the most likely delivery method for the exploits.
The Sysdig Threat Research Team (TRT) has explored each of the three disclosed vulnerabilities, recommending mitigations and detections for Sysdig customers. Their findings are detailed below.
Technical details about the vulnerabilities
CVE-2025-31133: Container escape via maskedPaths abuse
This vulnerability exploits flaws in how runc implements the maskedPaths feature, which is designed to protect sensitive host files from access by containers. When using /dev/null to mask files, runc fails to properly verify that the source is actually a legitimate /dev/null inode.
By replacing /dev/null with a symlink during container creation, attackers can trick runc into mounting arbitrary host paths into the container. This enables writing to critical files, such as /proc/sys/kernel/core_pattern, to escape the container.
CVE-2025-52565: Container escape via /dev/console mount races
This vulnerability targets the mount operation of /dev/pts/$n to /dev/console during container initialization. Insufficient validation allows attackers to redirect this mount and gain write access to protected procfs files.
The attack works because the /dev/console mount happens before maskedPaths and readonlyPaths protections are applied, allowing attackers to manipulate mount targets to bypass security restrictions.
CVE-2025-52881: LSM bypass and arbitrary write gadgets
This vulnerability allows redirecting runc writes to /proc files using a race condition with shared mounts. Attackers can bypass Linux Security Module (LSM) labels by tricking runc into writing to fake procfs files instead of the intended security label files.
Critically, attackers can redirect sysctl writes containing arbitrary text to dangerous files like /proc/sysrq-trigger or /proc/sys/kernel/core_pattern that can crash the system or escape the container, respectively. The vulnerability affects all writes to /proc in runc, including sysctls and security labels.
How to detect vulnerable versions
Sysdig Secure customers can access the Threat Intelligence page (Home > Threat Intelligence) to check their inventory for affected versions. This capability allows users to quickly understand the scope of necessary remediation and begin.
How to detect exploitation
Sysdig Secure and Falco users can detect exploitation of these vulnerabilities by monitoring suspicious symlink behaviors. The Falco rule shown below is experimental and can detect CVE-2025-31133 and CVE-2025-52565 activity. Sysdig Secure customers can add this rule to their custom rules file; an official rule is currently in testing and will be released soon.
- rule: Create Symlink Over Procfs Files
desc: This rule detects the creation of symbolic links over sensitive files, which could lead to container escape when runc is vulnerable to CVE-2025-31133 and CVE-2025-52565. An attacker could exploit these vulnerabilities to escape from container boundaries or cause a denial-of-service attack.
condition: >
create_symlink and
((evt.arg.target in ("/proc/sysrq-trigger", "/proc/sys/kernel/core_pattern") and evt.arg.linkpath contains "/dev/null") or
(evt.arg.target in ("/proc/sysrq-trigger", "/proc/sys/kernel/core_pattern") and evt.arg.linkpath startswith "/dev/pts/"))
output: >
Symlinks created over files that could lead to container escape in runc as per CVE-2025-31133 and CVE-2025-52565 by process %proc.name with parent %proc.pname under user %user.name executed on %container.name (evt.arg.target=%evt.arg.target evt.arg.linkpath=%evt.arg.linkpath proc.name=%proc.name proc.cmdline=%proc.cmdline proc.exepath=%proc.exepath proc.pname=%proc.pname proc.pcmdline=%proc.pcmdline proc.pexepath=%proc.pexepath gparent=%proc.aname[2] user.name=%user.name image=%container.image.repository:%container.image.tag proc.pid=%proc.pid proc.cwd=%proc.cwd proc.ppid=%proc.ppid proc.sid=%proc.sid user.uid=%user.uid user.loginname=%user.loginname group.name=%group.name container.id=%container.id container.name=%container.name)
priority: CRITICAL
tags: [host]Which versions of runc are affected?
CVE-2025-31133
- Affected: All known versions of runc
- Fixed: runc 1.2.8, 1.3.3, 1.4.0-rc.3 and later
CVE-2025-52565
- Affected: runc versions 1.0.0-rc3 and later
- Fixed: runc 1.2.8, 1.3.3, 1.4.0-rc.3 and later
CVE-2025-52881
- Affected: All known versions of runc
- Fixed: runc 1.2.8, 1.3.3, 1.4.0-rc.3 and later
Recommended mitigations
Immediate Actions
- Update runc to version 1.2.8, 1.3.3, or 1.4.0-rc.3 or later
- Enable user namespaces for all containers, which blocks the most serious attack vectors, as user namespace processes lack access to the procfs files required for exploitation
- Use rootless containers where possible to limit the scope of vulnerabilities
- Apply vendor patches - AWS, ECS, EKS, and other platforms have released updates as of November 5, 2025
For additional technical details, refer to the official GitHub Security Advisories:
- GHSA-9493-h29p-rfm2 (CVE-2025-31133)
- GHSA-qw9x-cqr3-wc7r (CVE-2025-52565)
- GHSA-cgrx-mc8f-2prm (CVE-2025-52881)