runc Container Escape Flaws Expose Hosts to Root Compromise
Researchers disclosed three new runc vulnerabilities — CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881 — that can let attackers break container isolation and gain root access on the host systems running Docker, Kubernetes, and other platforms built on runc. The flaws abuse race conditions, mount manipulation, and redirected writes into procfs, including paths such as /proc/sys/kernel/core_pattern and /proc/sysrq-trigger, to turn container access into host-level impact. Sysdig reported that exploitation requires the ability to launch containers with custom mount configurations, making malicious or untrusted container images and Dockerfiles a likely delivery path, and said no active exploitation had been observed at disclosure.
The new issues echo the earlier CVE-2019-5736 runC escape, which allowed container root users to overwrite the host runC binary via /proc/self/exe and /proc/[pid]/exe handling and then execute code as root on the host. That earlier flaw affected Docker by default and also impacted LXC in some configurations, leading maintainers to harden runC by re-executing from a sealed in-memory copy created with memfd_create(). For the newly disclosed bugs, fixed releases are runc 1.2.8, 1.3.3, and 1.4.0-rc.3 or later, and defenders were advised to monitor for suspicious symlink creation and other attempts to target sensitive procfs entries from inside containers.
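The memfd_create() hardening described above, as an added example written for this page (not runc's or LXC's own code): it copies a binary into an anonymous memory file and seals it so no later write through /proc/self/exe or any other path can alter what the runtime re-executes. Function names here are my own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sys/mman.h>
#include <unistd.h>

/* Copy the file at `path` into an anonymous memfd and seal it so the contents
 * can no longer be written, shrunk or grown: a runtime that re-execs from this
 * fd cannot be overwritten through /proc/self/exe (the CVE-2019-5736 fix idea).
 * Returns the sealed fd, or -1 on error with errno set by the failing call. */
int sealed_copy_fd(const char *path)
{
    int src = open(path, O_RDONLY | O_CLOEXEC);
    if (src < 0) return -1;
    /* MFD_ALLOW_SEALING is mandatory; without it F_ADD_SEALS fails with EINVAL. */
    int mfd = memfd_create("sealed-copy", MFD_CLOEXEC | MFD_ALLOW_SEALING);
    if (mfd < 0) { close(src); return -1; }
    char buf[65536];
    ssize_t n;
    while ((n = read(src, buf, sizeof buf)) > 0) {
        for (ssize_t off = 0; off < n; ) {   /* handle short writes */
            ssize_t w = write(mfd, buf + off, (size_t)(n - off));
            if (w < 0) { close(src); close(mfd); return -1; }
            off += w;
        }
    }
    close(src);
    if (n < 0) { close(mfd); return -1; }
    /* Seal contents and size; F_SEAL_SEAL makes the seal set itself final. */
    int seals = F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL;
    if (fcntl(mfd, F_ADD_SEALS, seals) < 0) { close(mfd); return -1; }
    return mfd;
}

/* 1 if the descriptor carries F_SEAL_WRITE, i.e. its contents are immutable. */
int is_write_sealed(int fd)
{
    int seals = fcntl(fd, F_GET_SEALS);
    return seals >= 0 && (seals & F_SEAL_WRITE) != 0;
}

/* Try to write one byte; returns the resulting errno (0 if the write succeeded).
 * On a sealed memfd the kernel refuses with EPERM. */
int try_write_errno(int fd)
{
    errno = 0;
    return write(fd, "x", 1) < 0 ? errno : 0;
}
```

A runtime would pass the returned descriptor to fexecve() instead of re-running the on-disk binary, which is the step that closes the overwrite window.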
How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
Public GitHub PoC appears for CVE-2025-31133
A GitHub repository was published providing public proof-of-concept or educational exploit material for CVE-2025-31133. The release increased public availability of hands-on technical details for one of the 2025 runc container escape flaws.
Sysdig publishes technical analysis and detection guidance
Sysdig Threat Research Team published analysis of the three 2025 runc vulnerabilities, explaining abuse of maskedPaths, /dev/console mount races, and arbitrary /proc writes against targets such as /proc/sys/kernel/core_pattern and /proc/sysrq-trigger. Sysdig also released detection guidance including an experimental Falco rule for suspicious symlink creation over sensitive procfs targets.
Fixed runc versions released for the 2025 vulnerabilities
The disclosed 2025 runc flaws were fixed in runc versions 1.2.8, 1.3.3, and 1.4.0-rc.3 or later. At the time of reporting, no active exploitation had been observed.
Three new runc container escape vulnerabilities are disclosed
On 2025-11-05, a SUSE researcher disclosed CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881, three runc vulnerabilities that could enable container escape and host root compromise in Docker, Kubernetes, and other environments using runc. The issues involve race conditions, mount manipulation, and procfs write redirection.
Public exploit activity accelerates for CVE-2019-5736
Multiple unofficial proofs of concept for CVE-2019-5736 were released publicly, increasing exploitation interest and pressure around the flaw. In response, the runC team published exploit code earlier than originally planned.
runC container escape flaw CVE-2019-5736 is disclosed and patched
CVE-2019-5736 was disclosed as a runC container escape vulnerability that lets an attacker with root inside a container overwrite the host runC binary and gain root-level code execution on the host. runC and LXC patched the issue by re-executing from a sealed in-memory copy using memfd_create().
Sources
3 references tracked.
C-h4ck-0/Learn-about-cve-2025-31133-poc: Learn about CVE-2025-31133 (github.com)
New runc vulnerabilities allow container escape: CVE-2025-31133, CVE-2025-52565, CVE-2025-52881 (Sysdig, webflow.sysdig.com)
Breaking out of Docker via runC - Explaining CVE-2019-5736 (Unit 42, unit42.paloaltonetworks.com)