CVE-2025-52881 Overview
CVE-2025-52881 is a race condition vulnerability in runc, the widely used CLI tool for spawning and running containers according to the Open Container Initiative (OCI) specification. The flaw lets an attacker trick runc into misdirecting its writes to /proc onto other procfs files by using a second, racing container with shared mounts. Exploitation has been verified using standard Dockerfiles with docker buildx build, which runs containers in parallel and permits custom shared mounts to be configured.
Critical Impact
Attackers can exploit this race condition to redirect procfs writes through symbolic links in a tmpfs or via bind-mounts, potentially compromising container isolation and enabling privilege escalation or system manipulation.
Affected Products
- Linux Foundation runc versions prior to 1.2.8
- Linux Foundation runc versions 1.3.0 through 1.3.2
- Linux Foundation runc versions 1.4.0-rc1 and 1.4.0-rc2
Discovery Timeline
- November 6, 2025 - CVE-2025-52881 published to NVD
- December 3, 2025 - Last updated in NVD database
Technical Details for CVE-2025-52881
Vulnerability Analysis
This vulnerability is classified as CWE-61 (UNIX Symbolic Link Following), a symlink attack in the context of container runtime operations. The flaw lies in how runc handles writes to the /proc filesystem during container initialization when shared mounts are in use.
The vulnerability is particularly concerning because it bypasses the earlier mitigation for CVE-2019-19921. That fix was fairly limited: it effectively only made runc verify that the target of an LSM (Linux Security Module) label write is actually a procfs file. The current vulnerability shows that an attacker can still redirect these writes through race conditions during parallel container execution.
The attack requires local access with low privileges and user interaction, but successful exploitation can lead to high impact on confidentiality, integrity, and availability of both the vulnerable container and potentially other containers sharing the same host.
Root Cause
The root cause is insufficient validation of procfs file operations when containers with shared mounts execute in parallel. The race window lies between runc checking the path and runc writing to the procfs file; during that window a symbolic link can be substituted for the expected target. The earlier fix for CVE-2019-19921 only verified that LSM labels were written to actual procfs files and did not account for races in shared-mount scenarios.
Attack Vector
The attack exploits the local attack vector through shared mount configurations during container builds. An attacker can configure a malicious container that races with legitimate container operations, substituting symbolic links in a tmpfs or using bind-mounts to redirect procfs writes to arbitrary locations. This can be triggered through standard docker buildx build operations with custom shared mount configurations.
// Security patch in libcontainer/apparmor/apparmor_linux.go - apparmor: use safe procfs API for labels
"os"
"sync"
+ "golang.org/x/sys/unix"
+
+ "github.com/opencontainers/runc/internal/pathrs"
"github.com/opencontainers/runc/libcontainer/utils"
)
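Review bot: the excerpt shows only the import changes (`golang.org/x/sys/unix` and `github.com/opencontainers/runc/internal/pathrs`) in apparmor_linux.go; the call site that now routes the AppArmor label write through the pathrs procfs API is not in the excerpt, so the substance of the fix cannot be reviewed from these lines. Include the hunk with the replaced write call alongside the import block.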
Source: GitHub Commit fdcc9d3cad2
// Security patch in libcontainer/rootfs_linux.go - rootfs: re-allow dangling symlinks in mount targets
dstIsFile = !fi.IsDir()
}
+ // In previous runc versions, we would tolerate nonsense paths with
+ // dangling symlinks as path components. pathrs-lite does not support
+ // this, so instead we have to emulate this behaviour by doing
+ // SecureJoin *purely to get a semi-reasonable path to use* and then we
+ // use pathrs-lite to operate on the path safely.
+ newUnsafePath, err := securejoin.SecureJoin(rootfs, unsafePath)
+ if err != nil {
+ return err
+ }
+ unsafePath = utils.StripRoot(rootfs, newUnsafePath)
if dstIsFile {
dstFile, err = pathrs.CreateInRoot(rootfs, unsafePath, unix.O_CREAT|unix.O_EXCL|unix.O_NOFOLLOW, 0o644)
} else {
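Review bot: the error from `securejoin.SecureJoin(rootfs, unsafePath)` is returned bare, which drops the mount target from the message when it surfaces to the user; wrap it, e.g. `return fmt.Errorf("resolve mount target %q: %w", unsafePath, err)`. The comment above it is worth keeping as written: it records that SecureJoin is used only to derive a plausible path, and that the actual filesystem operation is the `pathrs.CreateInRoot(rootfs, unsafePath, unix.O_CREAT|unix.O_EXCL|unix.O_NOFOLLOW, 0o644)` call, whose O_EXCL|O_NOFOLLOW flags are what refuse an existing file or a symlink at the final component, so the SecureJoin result must not be read as the security check.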
Source: GitHub Commit 3f925525b44d
Detection Methods for CVE-2025-52881
Indicators of Compromise
- Suspicious symbolic links appearing in tmpfs mounts within container environments
- Unexpected writes to procfs files outside of normal container initialization patterns
- Unusual parallel container execution with shared mount configurations
- Evidence of bind-mount manipulation during container build processes
Detection Strategies
- Monitor for containers configured with shared mounts, especially during docker buildx build operations
- Implement file integrity monitoring on procfs-related paths within container runtimes
- Audit container configurations for custom shared mount settings that could enable race conditions
- Deploy runtime security solutions that detect symlink manipulation in container contexts
Monitoring Recommendations
- Enable detailed logging for runc operations, particularly around procfs writes and mount operations
- Monitor for rapid creation and deletion of symbolic links in container mount namespaces
- Implement alerts for containers with unusual mount configurations being executed in parallel
- Track runc version deployments across your infrastructure to identify vulnerable instances
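Inventorying runc versions, as the last item recommends, needs a comparison that understands release candidates (1.4.0-rc.3 is fixed while 1.4.0-rc1 and -rc2 are not). This added Go example, not part of the page or of runc, encodes the ranges from Affected Products and Patch Information; treating 1.3.0 release candidates, which the page does not list, as affected is an assumption made here.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// versionRe matches runc versions as printed by `runc --version` or used as
// release tags: "1.3.2", "v1.4.0-rc.2", "1.4.0-rc1".
var versionRe = regexp.MustCompile(`^v?(\d+)\.(\d+)\.(\d+)(?:-rc\.?(\d+))?$`)

// versionKey maps a version to an integer that orders like runc releases:
// major, minor, patch, then rc, with a final release (rc slot 999) sorting
// above every release candidate of the same x.y.z. Returns -1 if unparseable.
func versionKey(s string) int {
	m := versionRe.FindStringSubmatch(s)
	if m == nil {
		return -1
	}
	var p [4]int
	for i := range p {
		p[i], _ = strconv.Atoi(m[i+1]) // digits only, per the regexp; "" -> 0
	}
	if m[4] == "" {
		p[3] = 999 // final release, newer than any rc of the same x.y.z
	}
	return ((p[0]*1000+p[1])*1000+p[2])*1000 + p[3]
}

// affectedRanges holds [first affected, first fixed) pairs from the page.
// Starting the 1.3 range at 1.3.0-rc1 is an assumption (the page lists 1.3.0).
var affectedRanges = [][2]int{
	{versionKey("0.0.0"), versionKey("1.2.8")},
	{versionKey("1.3.0-rc1"), versionKey("1.3.3")},
	{versionKey("1.4.0-rc1"), versionKey("1.4.0-rc.3")},
}

// vulnerableToCVE202552881 reports whether a deployed runc version is affected.
func vulnerableToCVE202552881(version string) (bool, error) {
	k := versionKey(version)
	if k < 0 {
		return false, fmt.Errorf("unrecognised runc version %q", version)
	}
	for _, r := range affectedRanges {
		if k >= r[0] && k < r[1] {
			return true, nil
		}
	}
	return false, nil
}
```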
How to Mitigate CVE-2025-52881
Immediate Actions Required
- Upgrade runc to patched versions: 1.2.8, 1.3.3, or 1.4.0-rc.3 immediately
- Audit container build configurations for shared mount usage and restrict where possible
- Review container orchestration settings for parallel execution with custom mounts
- Implement runtime container security monitoring to detect exploitation attempts
Patch Information
The vulnerability is fixed in runc versions 1.2.8, 1.3.3, and 1.4.0-rc.3. The patches include updates to the filepath-securejoin dependency (upgraded from v0.5.0 to v0.5.1) and improvements to the safe procfs API for label operations. Multiple commits address different aspects of the fix:
- GitHub Commit a41366e74080 - Dependency update for openat2 resilience
- GitHub Commit fdcc9d3cad2 - AppArmor safe procfs API implementation
For complete details, see the GitHub Security Advisory GHSA-qw9x-cqr3-wc7r.
Workarounds
- Disable or restrict shared mount configurations in container builds until patches can be applied
- Avoid using docker buildx build with custom shared mount configurations on untrusted content
- Implement additional isolation between containers that may execute in parallel
- Use container security policies to limit mount namespace sharing
# Dependency update in go.mod showing filepath-securejoin security fix
github.com/checkpoint-restore/go-criu/v7 v7.2.0
github.com/containerd/console v1.0.5
github.com/coreos/go-systemd/v22 v22.6.0
- github.com/cyphar/filepath-securejoin v0.5.0
+ github.com/cyphar/filepath-securejoin v0.5.1
github.com/docker/go-units v0.5.0
github.com/godbus/dbus/v5 v5.1.0
github.com/moby/sys/capability v0.4.0
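Review bot: the bump of `github.com/cyphar/filepath-securejoin` from v0.5.0 to v0.5.1 appears only in go.mod in this excerpt; the matching go.sum entry (and the vendored copy, if the repository vendors dependencies) must move in the same commit or builds will not pick up the fixed library, and the commit message should name the securejoin change being pulled in (the page describes it as openat2 resilience) so the dependency update stays traceable to CVE-2025-52881.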
Source: GitHub Commit a41366e74080
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

