CVE-2025-24965

CVSS v4.0

8.5

High

Vector

AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions crun versions prior to 1.20

Description Crun is an open source OCI Container Runtime fully written in C. In affected versions, a malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No special permissions are needed, only the ability for the current user to write to the target file.

Recommendations To resolve the issue, update to crun version 1.20 or later, as the problem is fixed in this version. There are no known workarounds for this vulnerability. As a temporary workaround, consider restricting the use of the krun handler until a patch is available. Avoid using malicious container images to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

BDU:2025-04195

CVE-2025-24965

GHSA-F42G-R5JJ-QH4J

OESA-2025-1417

OESA-2025-1564

OESA-2026-1008

OPENSUSE-SU-2025:0074-1

OPENSUSE-SU-2025:14763-1

SUSE-SU-2026:20452-1

Affected Products

Red Os

Crun

CVE-2025-24965

Weakness Enumeration

Related Identifiers

Affected Products

References · 38