Critical runc Vulnerabilities Put Docker and Kubernetes Container Isolation at Risk

Source: Cyber Security News

Three critical vulnerabilities in runc, the container runtime that powers Docker and Kubernetes, allow attackers to escape container isolation. The flaws enable unauthorized access to host systems through weaknesses such as mount race conditions and insecure procfs write redirects. The three issues, CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881, affect all known runc versions. Fixes have been issued in updated releases such as 1.2.8 and 1.3.3, and organizations are urged to upgrade promptly.

The implications of these vulnerabilities are serious: they allow for potential system crashes and unauthorized access to critical files within container environments. The analysis by the Sysdig Threat Research Team highlights the importance of securing containerized applications and advocates measures such as enabling user namespaces and running rootless containers. These strategies aim to strengthen the security posture of organizations deploying container technologies, especially in cloud environments, where additional security updates have been made available.
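As an added example (not code from the article, from Sysdig, or from the runc project), the following POSIX shell helpers turn the two actionable points above into checks an operator can run on a host: whether the installed runc is at or past the fixed release named for its line, and whether a Docker daemon.json enables user-namespace remapping. It assumes only the fixed versions the article lists (1.2.8 for the 1.2.x line, 1.3.3 for the 1.3.x line) and reports any other release line as "unknown" rather than guessing; the daemon.json check is a plain pattern match on the `userns-remap` key, not a JSON parser, and the sample inputs at the bottom are constructed.

```shell
#!/bin/sh
# Added example: runc fixed-version check and Docker user-namespace check.
# Fixed releases (1.2.8, 1.3.3) are the ones named in the article; any other
# release line is reported as "unknown" because the page lists no fix for it.

# Return 0 when dotted numeric version $1 is at least version $2
# (e.g. 1.2.10 >= 1.2.8). Fields are compared as integers, so 10 > 8.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# Classify the first line of `runc --version` output (e.g. "runc version 1.2.7").
# Prints "fixed", "vulnerable" or "unknown" and returns 0, 1 or 2 respectively.
runc_status() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^runc version \([0-9][0-9.]*\).*/\1/p')
    if [ -z "$ver" ]; then
        echo unknown
        return 2
    fi
    case "$ver" in
        1.2.*) fixed=1.2.8 ;;   # fixed release for the 1.2.x line (from the article)
        1.3.*) fixed=1.3.3 ;;   # fixed release for the 1.3.x line (from the article)
        *) echo unknown; return 2 ;;   # no fixed release listed on the page
    esac
    if version_ge "$ver" "$fixed"; then
        echo fixed
        return 0
    fi
    echo vulnerable
    return 1
}

# Return 0 when the daemon.json text on stdin sets "userns-remap" to a
# non-empty value, i.e. user-namespace remapping is enabled for Docker.
# Simple pattern match; it only recognises the plain "key": "value" form.
docker_userns_enabled() {
    grep -Eq '"userns-remap"[[:space:]]*:[[:space:]]*"[^"]+"'
}

# Stand-alone run: use the real binary when present, otherwise a constructed line.
if command -v runc >/dev/null 2>&1; then
    line=$(runc --version | head -n 1)
else
    line='runc version 1.2.7'   # constructed sample, not output from a real host
fi
printf '%s -> %s\n' "$line" "$(runc_status "$line")"

# Constructed daemon.json fragment; a real check would read /etc/docker/daemon.json.
if printf '{ "userns-remap": "default" }\n' | docker_userns_enabled; then
    echo 'sample daemon.json: user namespace remapping enabled'
else
    echo 'sample daemon.json: user namespace remapping NOT enabled'
fi
```

On a live host, feed `runc --version | head -n 1` to `runc_status` and `/etc/docker/daemon.json` to `docker_userns_enabled`; a non-zero exit from either is the signal to act. Rootless mode and the fix state of release lines not named in the article still need to be confirmed against the vendor's own advisory.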

👉 Read the original: Cyber Security News