CVE-2025-31133 Overview
CVE-2025-31133 is a file system vulnerability affecting runc, the widely-used CLI tool for spawning and running containers according to the OCI specification. The vulnerability exists in runc's bind-mount verification logic, where the tool fails to properly verify that the source of a bind-mount (specifically, the container's /dev/null) is actually a legitimate /dev/null inode when using it to mask paths. This insufficient verification exposes multiple attack vectors including an arbitrary mount gadget that can lead to host information disclosure, host denial of service, container escape, or bypassing of maskedPaths security controls.
Critical Impact
This vulnerability enables attackers to potentially escape container isolation, access host system information, cause denial of service conditions, or bypass security controls designed to protect sensitive paths within containers.
Affected Products
- linuxfoundation runc versions 1.2.7 and below
- linuxfoundation runc versions 1.3.0-rc.1 through 1.3.1
- linuxfoundation runc versions 1.4.0-rc.1 and 1.4.0-rc.2
Discovery Timeline
- 2025-11-06 - CVE CVE-2025-31133 published to NVD
- 2025-12-03 - Last updated in NVD database
Technical Details for CVE-2025-31133
Vulnerability Analysis
The vulnerability stems from a symlink following issue (CWE-61) in runc's path masking functionality within the libcontainer/rootfs_linux.go file. The maskPaths function is responsible for hiding sensitive paths within containers by bind-mounting /dev/null over them. However, the original implementation did not adequately verify that the container's /dev/null was a genuine device node before using it as a mount source.
An attacker could exploit this by replacing the container's /dev/null with a symlink or other file type pointing to an arbitrary location. When runc attempts to use this fake /dev/null to mask paths, it would instead bind-mount the attacker-controlled target, effectively creating an arbitrary mount gadget.
This flaw exposes two primary attack methods: first, an arbitrary mount gadget that allows mounting attacker-controlled content over sensitive container paths; second, a mechanism to bypass maskedPaths protections entirely, exposing paths that should be hidden from container processes.
Root Cause
The root cause is insufficient validation in the maskPaths function when using the container's /dev/null as a bind-mount source. The original code relied on error codes like ENOENT and ENOTDIR to handle edge cases, rather than proactively verifying that the source device was actually a valid /dev/null inode. The fix introduces dedicated isDevNull and verifyDevNull functions to properly validate device nodes before use, and switches to using file descriptors with /proc/self/fd/ for safer path handling.
Attack Vector
The attack requires local access to the container environment and user interaction. An attacker with the ability to manipulate files within a container could replace /dev/null with a symlink pointing to a host path or sensitive location. When runc processes the maskedPaths configuration, it would use this malicious symlink as the bind-mount source, potentially exposing host information, enabling container escape, or bypassing security controls.
// Security patch - Opening target path with proper validation
// Source: https://github.com/opencontainers/runc/commit/1a30a8f3d921acbbb6a4bb7e99da2c05f8d48522
return fmt.Errorf("can't mask paths: %w", err)
}
devNullSrc := &mountSource{Type: mountSourcePlain, file: devNull}
+ procSelfFd, closer := utils.ProcThreadSelf("fd/")
+ defer closer()
for _, path := range paths {
- if err := mountViaFds("", devNullSrc, path, "", "", unix.MS_BIND, ""); err != nil && !errors.Is(err, os.ErrNotExist) {
+ // Open the target path; skip if it doesn't exist.
+ dstFh, err := os.OpenFile(path, unix.O_PATH|unix.O_CLOEXEC, 0)
+ if err != nil {
+ if errors.Is(err, os.ErrNotExist) {
+ continue
+ }
+ return fmt.Errorf("can't mask path %q: %w", path, err)
+ }
+
+ dstFd := filepath.Join(procSelfFd, strconv.Itoa(int(dstFh.Fd())))
+ err = mountViaFds("", devNullSrc, path, dstFd, "", unix.MS_BIND, "")
+ dstFh.Close()
+ if err != nil {
if !errors.Is(err, unix.ENOTDIR) {
return fmt.Errorf("can't mask path %q: %w", path, err)
}
Source: GitHub runc Commit Update 1
Detection Methods for CVE-2025-31133
Indicators of Compromise
- Unexpected symlinks replacing /dev/null within container filesystems
- Anomalous bind-mount operations originating from container runtime processes
- Unusual file access patterns to sensitive host paths from containerized applications
- Container escape attempts detected through process namespace monitoring
Detection Strategies
- Monitor for modifications to /dev/null within container root filesystems using file integrity monitoring
- Implement audit rules for bind-mount syscalls (mount with MS_BIND flag) from runc processes
- Deploy runtime container security tools that detect symlink manipulation in device paths
- Analyze container startup logs for unexpected mount operations or errors in path masking
Monitoring Recommendations
- Enable detailed logging for container runtime operations including mount events
- Implement SentinelOne Singularity for Cloud Workload Protection to detect container escape attempts
- Configure alerts for any process attempting to access host paths from within container namespaces
- Monitor runc version deployments across infrastructure to identify vulnerable installations
How to Mitigate CVE-2025-31133
Immediate Actions Required
- Upgrade runc to patched versions: 1.2.8, 1.3.3, or 1.4.0-rc.3
- Audit container deployments for any signs of exploitation or tampering
- Review container runtime configurations for proper security controls
- Implement additional container isolation measures such as seccomp profiles and AppArmor policies
Patch Information
The Linux Foundation has released security patches addressing this vulnerability. The fixes are available in runc versions 1.2.8, 1.3.3, and 1.4.0-rc.3. The patches introduce proper device node validation through new isDevNull and verifyDevNull helper functions, and improve path handling by using file descriptors via /proc/self/fd/ rather than relying on error code interpretation. For detailed technical information, refer to the GitHub Security Advisory GHSA-9493-h29p-rfm2.
Workarounds
- Restrict container capabilities to minimize the impact of potential exploitation
- Implement read-only root filesystems for containers where possible
- Use user namespace isolation to limit the impact of container escapes
- Deploy additional runtime security monitoring to detect exploitation attempts
# Verify runc version and upgrade if vulnerable
runc --version
# For systems using Docker, update containerd and runc packages
apt-get update && apt-get install -y runc
# For systems using Kubernetes, update the container runtime
# Example for containerd-based installations
apt-get update && apt-get install -y containerd.io
# Verify the updated version
runc --version
# Expected: 1.2.8, 1.3.3, or 1.4.0-rc.3 or later
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
