https://www.wiz.io/vulnerability-database/cve/cve-2025-31133
Researchers have disclosed three vulnerabilities in runC, the low-level OCI container runtime that Docker, containerd and therefore most Kubernetes nodes use to start containers. Each one can be turned into a full container escape: a process that controls a container's contents or its startup can break out of the container and gain root-level access on the underlying host.
The vulnerabilities, tracked as CVE-2025-31133, CVE-2025-52565 and CVE-2025-52881, share a root cause: while setting up a container, runC bind-mounts over paths inside the container's rootfs (such as /dev/null and /dev/console) and writes to files under /proc without adequately checking that those paths are what they appear to be. A malicious image, or a process racing container startup, can replace them with symlinks or attacker-controlled mounts so that runC's bind mount or write lands on a host-sensitive target instead. The result is an arbitrary write on the host and a bypass of the masked-path and read-only protections runC is supposed to enforce.
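The Go program below is an added example, not runC's code and not from this page; it reproduces the bug class in a throwaway directory with no real mounts. A constructed rootfs has its dev/null replaced by a symlink to a file standing in for the host's /proc/sys/kernel/core_pattern. NaiveJoin (the unsafe pattern) hands that path straight to the caller, which is what a runtime would then bind-mount onto; SafeJoin resolves symlinks and rejects anything that ends up outside the rootfs. All function names, the directory layout and the file contents are assumptions made for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrEscape is returned when a path inside the container rootfs resolves,
// through a symlink, to a location outside that rootfs.
var ErrEscape = errors.New("path resolves outside the container rootfs")

// NaiveJoin is the unsafe pattern: it glues the container-supplied path onto
// the rootfs without asking where symlinks lead. A runtime that bind-mounts
// over the result mounts onto whatever the container chose as the target.
func NaiveJoin(rootfs, inner string) string {
	return filepath.Join(rootfs, inner)
}

// SafeJoin resolves inner relative to rootfs, following symlinks, and rejects
// the result unless it still lies under rootfs. This is the containment check
// a runtime needs before using a container-supplied path as a mount target.
// It is only a pre-check: without a race-free open (O_NOFOLLOW/openat2-style
// resolution) a process inside the container can swap the symlink between
// this check and the mount.
func SafeJoin(rootfs, inner string) (string, error) {
	root, err := filepath.EvalSymlinks(rootfs)
	if err != nil {
		return "", err
	}
	resolved, err := filepath.EvalSymlinks(filepath.Join(root, inner))
	if err != nil {
		return "", err
	}
	if resolved != root && !strings.HasPrefix(resolved, root+string(os.PathSeparator)) {
		return "", fmt.Errorf("%w: %s -> %s", ErrEscape, inner, resolved)
	}
	return resolved, nil
}

// BuildDemoRootfs populates base (constructed sample data, no real mounts)
// with a fake host file standing in for /proc/sys/kernel/core_pattern and a
// container rootfs whose dev/null is a symlink to that file, mimicking the
// mount-target redirection described above. It returns both paths.
func BuildDemoRootfs(base string) (rootfs, hostTarget string, err error) {
	hostDir := filepath.Join(base, "host", "proc", "sys", "kernel")
	if err := os.MkdirAll(hostDir, 0o755); err != nil {
		return "", "", err
	}
	hostTarget = filepath.Join(hostDir, "core_pattern")
	if err := os.WriteFile(hostTarget, []byte("core\n"), 0o644); err != nil {
		return "", "", err
	}
	rootfs = filepath.Join(base, "rootfs")
	if err := os.MkdirAll(filepath.Join(rootfs, "dev"), 0o755); err != nil {
		return "", "", err
	}
	// The malicious image content: dev/null is a symlink that leaves the rootfs.
	if err := os.Symlink(hostTarget, filepath.Join(rootfs, "dev", "null")); err != nil {
		return "", "", err
	}
	return rootfs, hostTarget, nil
}

func main() {
	base, err := os.MkdirTemp("", "runc-demo-")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(base)
	rootfs, hostTarget, err := BuildDemoRootfs(base)
	if err != nil {
		panic(err)
	}

	naive := NaiveJoin(rootfs, "dev/null")
	resolved, _ := filepath.EvalSymlinks(naive)
	want, _ := filepath.EvalSymlinks(hostTarget)
	fmt.Printf("naive mount target %s\n  resolves to %s\n", naive, resolved)
	fmt.Printf("  same file as the host core_pattern stand-in: %v\n", resolved == want)
	if _, err := SafeJoin(rootfs, "dev/null"); err != nil {
		fmt.Println("SafeJoin rejected it:", err)
	}
}
```

Two caveats apply to SafeJoin. It resolves absolute symlinks against the host filesystem rather than the rootfs, so a legitimate image symlink such as /dev/stdout -> /proc/self/fd/1 would be rejected; a real runtime resolves those relative to the rootfs (runC uses the filepath-securejoin library for this). And a lookup-then-mount check remains racy, which is why the actual fixes centre on opening the target without following symlinks and verifying what was opened before mounting on it.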
These vulnerabilities pose a significant risk because each can be chained into a complete container escape, giving the attacker root on the host. Exploitation requires the attacker to control a container's image or configuration, or to run code inside a container during its startup, which is a realistic position in multi-tenant and CI environments. No exploitation in the wild has been reported so far, but a successful attack compromises the host and, with it, every other container it runs.
Fixes are available in runC 1.2.8, 1.3.3 and 1.4.0-rc.3. Since runC is normally installed as a dependency of Docker or containerd, upgrade those packages (or the distribution's runc package) and confirm the installed version with runc --version. Beyond patching, three measures limit the blast radius: run containers inside user namespaces (Docker's userns-remap, or hostUsers: false in a Kubernetes pod spec) so that container root maps to an unprivileged host UID and an escape does not arrive as host root; prefer rootless containers where the workload allows it; and monitor container startup for symlinks being created or replaced at the paths runC touches, such as /dev/null, /dev/console and entries under /proc, which is the signature of an attempt to exploit these flaws. Containers are a load-bearing part of modern infrastructure, and a runtime-level escape undermines every isolation boundary built on top of them.
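As an added example (not code from this page or from the runC project), the Go program below implements the two mechanical checks a host audit for this advisory needs: parsing `runc --version` output and comparing it against the patched release of its branch (1.2.8, 1.3.3 and 1.4.0-rc.3, as listed in the runC advisory), and reading /etc/docker/daemon.json for the userns-remap setting that turns on user namespaces. The sample version output and daemon.json are constructed; the Audit function, its finding text, and the rule that any branch newer than 1.4 carries the fix are the program's own assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// Version is a parsed runc release; RC is 0 for a final release and N for
// an X.Y.Z-rc.N release candidate.
type Version struct{ Major, Minor, Patch, RC int }

// fixedVersions are the patched releases named in the runc advisory, one per
// maintained branch; branches older than 1.2 received no fix.
var fixedVersions = map[[2]int]Version{
	{1, 2}: {1, 2, 8, 0}, // 1.2.8
	{1, 3}: {1, 3, 3, 0}, // 1.3.3
	{1, 4}: {1, 4, 0, 3}, // 1.4.0-rc.3
}

// ParseVersion parses strings such as "1.3.3" or "v1.4.0-rc.3".
func ParseVersion(s string) (Version, error) {
	var v Version
	core, pre, _ := strings.Cut(strings.TrimPrefix(s, "v"), "-")
	if _, err := fmt.Sscanf(core, "%d.%d.%d", &v.Major, &v.Minor, &v.Patch); err != nil {
		return Version{}, fmt.Errorf("bad version %q: %w", s, err)
	}
	if pre != "" {
		rc, err := strconv.Atoi(strings.TrimPrefix(pre, "rc."))
		if !strings.HasPrefix(pre, "rc.") || err != nil {
			return Version{}, fmt.Errorf("unsupported pre-release %q", pre)
		}
		v.RC = rc
	}
	return v, nil
}

// ParseRuncVersion reads the version from `runc --version` output, whose
// first line is "runc version 1.2.7".
func ParseRuncVersion(output string) (Version, error) {
	f := strings.Fields(strings.SplitN(output, "\n", 2)[0])
	if len(f) < 3 || f[0] != "runc" || f[1] != "version" {
		return Version{}, fmt.Errorf("unrecognised runc version output %q", output)
	}
	return ParseVersion(f[2])
}

func (v Version) String() string {
	s := fmt.Sprintf("%d.%d.%d", v.Major, v.Minor, v.Patch)
	if v.RC > 0 {
		s += fmt.Sprintf("-rc.%d", v.RC)
	}
	return s
}

// IsPatched reports whether v is at or above its branch's fixed release; newer
// branches are assumed fixed, and a final release outranks every rc of it.
func IsPatched(v Version) bool {
	fixed, ok := fixedVersions[[2]int{v.Major, v.Minor}]
	if !ok {
		return v.Major > 1 || (v.Major == 1 && v.Minor > 4)
	}
	if v.Patch != fixed.Patch {
		return v.Patch > fixed.Patch
	}
	return v.RC == 0 || (fixed.RC > 0 && v.RC >= fixed.RC)
}

// Audit returns findings for one host from its `runc --version` output and
// its /etc/docker/daemon.json; an empty slice means nothing to report.
func Audit(runcOutput string, daemonJSON []byte) ([]string, error) {
	v, err := ParseRuncVersion(runcOutput)
	if err != nil {
		return nil, err
	}
	var cfg struct{ UsernsRemap string `json:"userns-remap"` }
	if err := json.Unmarshal(daemonJSON, &cfg); err != nil {
		return nil, fmt.Errorf("daemon.json: %w", err)
	}
	findings := []string{}
	if !IsPatched(v) {
		findings = append(findings, "runc "+v.String()+" predates the fixes for CVE-2025-31133, CVE-2025-52565 and CVE-2025-52881")
	}
	if cfg.UsernsRemap == "" {
		findings = append(findings, "daemon.json does not set userns-remap, so containers run without user namespaces")
	}
	return findings, nil
}

func main() {
	// Constructed sample inputs standing in for one host's real files.
	findings, err := Audit("runc version 1.2.7\ncommit: v1.2.7-0-gdeadbeef\n", []byte(`{"log-driver": "json-file"}`))
	if err != nil {
		panic(err)
	}
	fmt.Println(strings.Join(findings, "\n"))
}
```

On a real host, feed Audit the output of `runc --version` and the contents of /etc/docker/daemon.json; a missing daemon.json is equivalent to `{}`. The version comparison is deliberately branch-aware: 1.2.7 and 1.3.2 are unpatched even though 1.3.2 is numerically "newer" than 1.2.8, and an rc.2 of 1.4.0 is unpatched while the final 1.4.0 is not.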