CVE-2025-52565

🗓️ 06 Nov 2025 20:02:58Reported by GitHub_MType

cve🔗 web.nvd.nist.gov📰️ 13 Media mentions👁 21 Views

Runc vulnerability allows binding /dev/pts to /dev/console, enabling writable paths after pivot_root.

Reporter	Title	Published	Views	Family All 302
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.	24 Feb 202606:14	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data	4 Mar 202615:08	–	ibm
Tenable Nessus	Amazon Linux 2023 : runc (ALAS2023-2025-1286)	11 Nov 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2 : runc, --advisory ALAS2DOCKER-2025-085 (ALASDOCKER-2025-085)	11 Nov 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2 : runc, --advisory ALAS2ECS-2025-082 (ALASECS-2025-082)	11 Nov 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2 : runc, --advisory ALAS2NITRO-ENCLAVES-2025-077 (ALASNITRO-ENCLAVES-2025-077)	11 Nov 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0184: container-tools:an8 (ALINUX3-SA-2025:0184)	22 Nov 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : runc (ALSA-2025:19927)	10 Nov 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : runc (ALSA-2025:20957)	19 Nov 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : container-tools:rhel8 (ALSA-2025:21232)	20 Nov 202500:00	–	nessus

NVD

Vulners

Node

linuxfoundation runcRange1.0.1–1.2.8

linuxfoundation runcRange1.3.0–1.3.3

linuxfoundation runcMatch1.0.0rc3

linuxfoundation runcMatch1.0.0rc4

linuxfoundation runcMatch1.0.0rc5

linuxfoundation runcMatch1.0.0rc6

linuxfoundation runcMatch1.0.0rc7

linuxfoundation runcMatch1.0.0rc8

linuxfoundation runcMatch1.0.0rc9

linuxfoundation runcMatch1.0.0rc90

linuxfoundation runcMatch1.0.0rc91

linuxfoundation runcMatch1.0.0rc92

linuxfoundation runcMatch1.0.0rc93

linuxfoundation runcMatch1.0.0rc94

linuxfoundation runcMatch1.0.0rc95

linuxfoundation runcMatch1.4.0rc1

linuxfoundation runcMatch1.4.0rc2

[
  {
    "vendor": "opencontainers",
    "product": "runc",
    "versions": [
      {
        "version": ">= 1.0.0-rc3, < 1.2.8",
        "status": "affected"
      },
      {
        "version": ">= 1.3.0-rc.1, < 1.3.3",
        "status": "affected"
      },
      {
        "version": ">= 1.4.0-rc.1, < 1.4.0-rc.3",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/opencontainers/runc/commit/de87203e625cd7a27141fb5f2ad00a320c69c5e8
github	www.github.com/opencontainers/runc/commit/aee7d3fe355dd02939d44155e308ea0052e0d53a
github	www.github.com/opencontainers/runc/commit/398955bccb7f20565c224a3064d331c19e422398
github	www.github.com/opencontainers/runc/commit/531ef794e4ecd628006a865ad334a048ee2b4b2e
github	www.github.com/opencontainers/runc/commit/01de9d65dc72f67b256ef03f9bfb795a2bf143b4
github	www.github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64
github	www.github.com/opencontainers/runc/commit/9be1dbf4ac67d9840a043ebd2df5c68f36705d1d
github	www.github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r
github	www.github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480

03 Dec 2025 18:33Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.17.5

CVSS 48.4

EPSS0.00026

SSVC