Security researchers have revealed three serious vulnerabilities in runC, the Open Container Initiative (OCI)-compliant runtime that powers platforms such as Docker and Kubernetes, which could allow attackers to break container isolation and gain control of the host system. The flaws, tracked as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881, stem from weaknesses in how runC manages temporary bind mounts, symbolic links (symlinks), and certain write operations. Together, they can be exploited to achieve complete container escapes and even host-level compromises.
First seen on thecyberexpress.com
Jump to article: thecyberexpress.com/cve-2025-31133-runc-container-security/
