CVE Tools

CVE-2025-31133

runc container escape via "masked path" abuse due to mount race conditions

Published: Nov 6, 2025Updated: Dec 3, 2025 Sources: CVE List NVD GHSA BDUCWE-61

No Known Exploits

Patch Available

Description

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.

CVSS Vector Breakdown

Exploitability

AV:LAttack Vector

Local

AC:HAttack Complexity

High

PR:LPrivileges Required

Low

UI:NUser Interaction

None

Scope

S:CScope

Changed

Impact

C:HConfidentiality

High

I:HIntegrity

High

A:HAvailability

High

Open in CVSS calculator →

Weaknesses

Affected Products

runc opencontainers

Mixed

Cloud & SaaS / container-orchestration

Red Hat Enterprise Linux Red Hat Inc.

On-premOS

Operating Systems / linux-distro

Debian GNU/Linux Сообщество свободного программного обеспечения

On-premOS

Operating Systems / linux-distro

РЕД ОС ООО «Ред Софт»

On-premOS

Operating Systems / linux-distro

Astra Linux Special Edition ООО «РусБИТех-Астра»

On-premOS

Operating Systems / linux-distro

opencontainersoss-projectCloud & SaaSaka oci, open containers

red hat inc.commercialUSOperating Systemsaka red hat

сообщество свободного программного обеспеченияoss-projectOperating Systemsaka сообщество свободного программного обеспечения, fsf

ооо «ред софт»commercialRUOperating Systemsaka red soft

ооо «русбитех-астра»commercialRUOperating Systemsaka rusbitech-astra

and 9 more affected products View all →

Exploitability

Official Patch Available

Workaround Available

References

https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2

https://github.com/opencontainers/runc/commit/1a30a8f3d921acbbb6a4bb7e99da2c05f8d48522

https://github.com/opencontainers/runc/commit/5d7b2424072449872d1cd0c937f2ca25f418eb66

and 17 more references View all →

Timeline

Published

Nov 6, 2025

Last Updated

Dec 3, 2025

News mentions

1

OpenVEX в CI/CD: как перестать бороться с ложными CVE и научить Trivy понимать контекст
ru·Хабр — Информационная безопасность· Summary only·Jun 16, 2026

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2025-31133 and every CVE in our database. Create a free account — no credit card required.

Create Free Account

Plain-language analysis

Impact assessment and exploitation scenario in plain English

Attack graph visualization

Interactive attack path and kill chain mapping

Exploit details & PoC links

ExploitDB, Metasploit, GitHub PoCs with direct links

Nuclei scanner templates

Ready-to-use vulnerability scanner templates

Full remediation guide

Patch instructions, workarounds, and compliance impact

Interactive AI chat

Ask questions about this vulnerability in natural language

Related vulnerabilities

Semantically similar CVEs and attack patterns

REST API & MCP access

Integrate vulnerability data into your workflows