Container Escape Vulnerabilities in runc via /dev/console Mount Races
Multiple vulnerabilities were discovered in runc, the low-level container runtime used by Docker, Kubernetes, and other platforms, that allow attackers to escape container isolation. One of the flaws, tracked as CVE-2025-52565 and rated high severity, arises from insufficient validation of the target path when runc bind-mounts the container's pty (/dev/pts/$n) onto /dev/console inside the container. By racing that mount step, an attacker can redirect the bind mount away from /dev/console and obtain write access to protected procfs files such as /proc/sysrq-trigger or /proc/sys/kernel/core_pattern, which can lead to a host denial of service or a full container breakout. The vulnerability affects runc versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, and is fixed in 1.2.8, 1.3.3, and 1.4.0-rc.3.
Exploitation of CVE-2025-52565 requires the ability to start containers with a custom mount configuration, so environments that run untrusted container images or build untrusted Dockerfiles are the most exposed. No active exploitation had been reported as of disclosure, but security researchers recommend upgrading to the patched runc versions and monitoring for suspicious container activity. The vulnerability is similar in concept to CVE-2025-31133 but targets a different step of container initialization: the timing and validation of the /dev/console mount, which happens before runc's masked-path and read-only-path protections are applied.
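A practical first step for the affected-version ranges quoted above is an inventory check. The script below is an added example, not code from the runc project or from any of the cited reports: it parses the first line of `runc --version` output and classifies the version against the ranges and fixed releases named in the summary (1.2.8, 1.3.3, 1.4.0-rc.3). The function names and the sample output string are the editor's own constructed assumptions; the only runc behaviour relied on is that `runc --version` prints a line of the form `runc version X.Y.Z`.

```sh
#!/bin/sh
# Added example (not runc project code). Classifies a runc version against the
# CVE-2025-52565 affected ranges from the advisory summary:
#   >=1.0.0-rc3 <1.2.8, >=1.3.0-rc.1 <1.3.3, >=1.4.0-rc.1 <1.4.0-rc.3
# All function names here are hypothetical helpers, not runc CLI features.

# Turn "v1.3.2", "1.4.0-rc.3", "1.0.0-rc3" or "1.2.0+dev" into five integers
# "MAJOR MINOR PATCH FINAL RC". FINAL is 1 for a final release and 0 for a
# pre-release, so that 1.4.0-rc.3 sorts before 1.4.0. A "+..." suffix is dropped.
runc_version_key() {
    v=${1#v}
    v=${v%%+*}
    base=${v%%-*}
    pre=""
    case "$v" in *-*) pre=${v#*-} ;; esac
    case "$base" in *.*.*) ;; *) base="$base.0" ;; esac
    major=${base%%.*}
    rest=${base#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ -z "$pre" ]; then
        final=1; rc=0
    else
        final=0
        # runc tags have used both "rc3" (1.0.0 era) and "rc.3" (current) spellings
        rc=$(printf '%s' "$pre" | sed 's/^rc\.\{0,1\}//')
    fi
    printf '%d %d %d %d %d\n' "$major" "$minor" "$patch" "$final" "${rc:-0}"
}

# Return 0 if version $1 >= version $2, comparing the five key fields in order.
runc_version_ge() {
    a=$(runc_version_key "$1"); b=$(runc_version_key "$2")
    set -- $a
    a1=$1 a2=$2 a3=$3 a4=$4 a5=$5
    set -- $b
    b1=$1 b2=$2 b3=$3 b4=$4 b5=$5
    for pair in "$a1 $b1" "$a2 $b2" "$a3 $b3" "$a4 $b4" "$a5 $b5"; do
        set -- $pair
        [ "$1" -gt "$2" ] && return 0
        [ "$1" -lt "$2" ] && return 1
    done
    return 0
}

# Print "fixed", "vulnerable", "unaffected" or "unknown" for a runc version.
# Exit status: 0 fixed, 1 vulnerable, 2 unaffected/unknown.
runc_cve_2025_52565_status() {
    v=$1
    if [ -z "$v" ]; then echo unknown; return 2; fi
    if ! runc_version_ge "$v" 1.0.0-rc3; then echo unaffected; return 2; fi
    if runc_version_ge "$v" 1.4.0-rc.1; then
        if runc_version_ge "$v" 1.4.0-rc.3; then echo fixed; return 0; fi
    elif runc_version_ge "$v" 1.3.0-rc.1; then
        if runc_version_ge "$v" 1.3.3; then echo fixed; return 0; fi
    else
        if runc_version_ge "$v" 1.2.8; then echo fixed; return 0; fi
    fi
    echo vulnerable; return 1
}

# Extract the version from `runc --version` output ("runc version X.Y.Z" line).
runc_version_from_output() {
    printf '%s\n' "$1" | sed -n 's/^runc version \([^ ]*\).*/\1/p' | head -n 1
}

# Constructed sample of `runc --version` output (not captured from a real host).
SAMPLE_RUNC_VERSION_OUTPUT='runc version 1.3.2
spec: 1.2.1'

# Stand-alone usage: classify the sample, then the installed runc if present.
sample_ver=$(runc_version_from_output "$SAMPLE_RUNC_VERSION_OUTPUT")
printf 'sample runc %s: %s\n' "$sample_ver" "$(runc_cve_2025_52565_status "$sample_ver")"
if command -v runc >/dev/null 2>&1; then
    live=$(runc_version_from_output "$(runc --version 2>/dev/null)")
    printf 'installed runc %s: %s\n' "$live" "$(runc_cve_2025_52565_status "$live")"
fi
```

Run it on every node (runc is usually bundled with containerd or Docker, so the binary path may differ from what `command -v` finds in a login shell). A "fixed" result for the runc binary does not by itself mean the node is safe: the other two advisories in the same release set have their own ranges, and the user-namespace and rootless mitigations listed later on this page still reduce blast radius for any future mount-race bug.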

How this story unfolded
Five events, listed from the most recent confirmed update back to the earliest known activity.
Broader reporting detailed affected versions and mitigations
Subsequent reporting summarized that two of the runC flaws affected all versions, while the third (CVE-2025-52565) affected versions 1.0.0-rc3 and later, with fixes available in 1.2.8, 1.3.3, 1.4.0-rc.3, and later. Reports also highlighted mitigations such as enabling user namespaces, not mapping the container's root user to the host's root user, and running rootless containers.
CVE-2025-52565 was cataloged in vulnerability feeds
CVE-2025-52565 was added to public vulnerability tracking feeds as a high-severity container escape issue tied to /dev/console mount handling and related race conditions in runC, marking the flaw's indexing in public databases.
Vendor and security coverage warned of runC container-escape risk
Security vendors and media, including Sysdig and Fortinet, published analyses highlighting the newly disclosed runC flaws and their impact on Docker and Kubernetes environments. Coverage emphasized that exploitation could let attackers break container isolation, while noting no active exploitation had been reported.
GitHub advisories disclosed three runC vulnerabilities
GitHub security advisories were published for CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881, describing container escape and denial-of-service risks in runC. The advisories identified issues including masked-path abuse, /dev/console mount races, and procfs write redirects.
runC fixed three container-escape flaws in new releases
The opencontainers/runc project published patched releases v1.2.8, v1.3.3, and v1.4.0-rc.3 to address three vulnerabilities: CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881. The flaws could enable container escape through mount and symlink race conditions and related arbitrary-write paths.
Sources
- Docker, Kubernetes container escape possible with runC vulnerabilities (scworld.com)
- Dangerous runC flaws could allow hackers to escape Docker containers (bleepingcomputer.com)
- CVE-2025-52565 - container escape due to /dev/console mount and related races (cvefeed.io)
- runC Container Escape Vulnerabilities (fortiguard.fortinet.com)
- container escape via "masked path" abuse due to mount race conditions (github.com)
- runc v1.4.0-rc.3 -- "その日、人類は思い出した。" (github.com)
- runc v1.3.3 -- "奴らに支配されていた恐怖を" (github.com)
- runc v1.2.8 -- "鳥籠の中に囚われた屈辱を" (github.com)