What happened
Security researchers have disclosed three vulnerabilities in the open-source container runtime runC (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) that allow attackers to escape container isolation and gain root access on the host system. The issues stem from insecure bind‑mount handling of /dev/null, /dev/console, and symlinks induced during init‑time, allowing write access to host files and directories via the container process. Fixes are available in runC versions 1.2.8, 1.3.3, 1.4.0‑rc.3, and later.
Who is affected
Any organisation leveraging container platforms like Docker or Kubernetes that depend on runC as the runtime layer is potentially at risk. The attacker vector requires the ability to start containers with custom mount configurations (for example, via malicious container images or crafted Dockerfiles). While there have been no confirmed active exploits in the wild yet, the severity is high given the possibility of total host compromise.
Why CISOs should care
Container isolation is a foundational security boundary in modern cloud‑native and microservices environments. These vulnerabilities break that boundary, enabling a malicious actor to pivot from a container to the host and beyond. That means what was assumed to be a relatively low‑impact compromise (a container) could escalate into full infrastructure control. For CISOs, that raises risk across application integrity, data protection, compliance, and incident response readiness.
3 Practical Actions
- Patch the runtime immediately: Ensure runC is upgraded to version 1.2.8, 1.3.3, 1.4.0‑rc.3 or later (depending on your distribution) across all environments, including production and dev/test.
- Harden container settings: Use user namespaces or rootless containers to minimize host‑root exposure, and restrict mount permissions and symlink manipulations in container launches.
- Monitor for exploitation indicators: Set up detection for anomalous symlink creation/mounting behavior in container‑init phases, unexpected writes to /proc, and unauthorized changes to host mounting namespaces. The vendor advisory highlights these as possible attack signatures.