CVE-2025-52565

Name of the Vulnerable Software and Affected Versions runc versions 1.0.0-rc3 through 1.2.7 runc versions 1.3.0-rc.1 through 1.3.2 runc versions 1.4.0-rc.1 through 1.4.0-rc.2

Description Insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside a container allow an attacker to trick the system into bind-mounting paths that are typically read-only or masked onto a writable path. This occurs after the pivot root(2) function is called, preventing direct writes to host files. However, it can lead to a host denial of service or a container breakout by providing the attacker with a writable copy of /proc/sysrq-trigger or /proc/sys/kernel/core pattern.

Recommendations Update to version 1.2.8 Update to version 1.3.3 Update to version 1.4.0-rc.3