CVE-2025-52565: 
Podman Schwachstellenanalyse und -minderung

runc is a CLI tool for spawning and running containers according to the OCI specification. The vulnerability (CVE-2025-52565) affects versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2. The issue was discovered and disclosed on November 5, 2025, and involves insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside containers (GitHub Advisory, NVD).

The vulnerability stems from insufficient validation during the bind-mounting of /dev/pts/$n to /dev/console during container initialization. This operation happens after pivot_root(2) and before maskedPaths and readonlyPaths protections are applied. The flaw allows attackers to redirect this mount and gain write access to protected procfs files. The vulnerability has been assigned a CVSS v4.0 base score of 7.3 (High) with the vector CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H (GitHub Advisory).

While this vulnerability cannot be used to write to host files directly, it can lead to denial of service of the host or container breakout by providing the attacker with a writable copy of /proc/sysrq-trigger or /proc/sys/kernel/core_pattern. The attack allows bypassing container isolation mechanisms by manipulating mount targets to bypass security restrictions (Sysdig Blog).

The issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3. Recommended mitigations include: using containers with user namespaces (with host root user not mapped into container's namespace), configuring containers to not permit processes to run with root privileges, and avoiding running untrusted container images. The default containers-selinux SELinux policy provides some mitigation as the /dev/console bind-mount does not get relabeled (AWS Security Bulletin, GitHub Advisory).

Major cloud providers and Linux distributions have responded quickly to the vulnerability. AWS has released updated Amazon ECS-Optimized AMIs and is automatically updating Fargate tasks. Red Hat has issued security advisories and patches for affected versions. Ubuntu has also provided fixed packages for supported releases (AWS Security Bulletin, Red Hat Security Advisory).