CVE-2025-24965: 
Linux openSUSE vulnerability analysis and mitigation

CVE-2025-24965 affects crun, an open source OCI Container Runtime written in C. The vulnerability was discovered and disclosed on February 19, 2025. The issue allows a malicious container image to trick the krun handler into escaping the root filesystem, enabling unauthorized file creation or modification on the host system. This vulnerability affects crun versions 1.19.1 and earlier (GitHub Advisory).

The vulnerability is classified as a path traversal issue (CWE-22) that occurs when the krun handler processes the .krun_config.json file. The vulnerability has received a CVSS v4.0 Base Score of 8.5 (HIGH) with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N (NVD).

When exploited, this vulnerability allows an attacker to create or modify files on the host system outside of the container's root filesystem. The attack requires no special permissions beyond the current user's ability to write to the target file. This poses a significant security risk as it breaks container isolation (GitHub Advisory).

The vulnerability has been fixed in crun version 1.20. The fix ensures that the opened .krun_config.json file is restricted to the rootfs directory and prevents following symbolic links. There are no known workarounds for this vulnerability, and users are strongly advised to upgrade to version 1.20 (GitHub Release).