CVE-2025-65105 Overview
CVE-2025-65105 affects Apptainer, an open source container platform maintained under the Linux Foundation projects (lfprojects). Versions prior to 1.4.5 allow a container to disable two forms of the --security option: --security=apparmor:<profile> and --security=selinux:<label>. These options normally impose mandatory access control restrictions on container operations. When bypassed, a container avoids the AppArmor or SELinux confinement that operators expect to be enforced. AppArmor is enabled by default on Debian-based distributions, while SELinux is enabled by default on RHEL-based distributions. The issue is fixed in Apptainer 1.4.5.
Critical Impact
Containers can silently evade AppArmor profile or SELinux label enforcement, weakening the intended mandatory access control boundary on hosts that rely on these options.
Affected Products
- Apptainer versions prior to 1.4.5
- Debian-based distributions with AppArmor enabled
- RHEL-based distributions with SELinux enabled
Discovery Timeline
- 2025-12-02 - CVE-2025-65105 published to NVD
- 2026-06-17 - Last updated in NVD database
Technical Details for CVE-2025-65105
Vulnerability Analysis
Apptainer's --security flag lets operators apply AppArmor profiles or SELinux labels to a running container. The documentation historically framed the flag as a root-user feature, but the AppArmor and SELinux forms also work for unprivileged users when the host kernel enables those subsystems. In vulnerable releases, the container process could cause the security option to silently not apply. The runtime did not fail closed when the requested confinement could not be attached, so the container continued to execute without the requested mandatory access control. This is tracked under [CWE-61] (UNIX symbolic link following) and relates to how the runtime writes the AppArmor profile through /proc.
Root Cause
The issue lives in the security subsystem under internal/pkg/security/apparmor/apparmor_supported.go and internal/pkg/security/security.go. Writing an AppArmor profile through a path in procfs was subject to symlink or path manipulation from within the container, and the runtime did not treat application failures of --security options as fatal. The fix routes the procfs write through pathrs-lite/procfs for safe path resolution and makes Apptainer fail if a requested --security option cannot be applied.
Attack Vector
A malicious container image, or a user controlling the container payload, can manipulate the environment so that the AppArmor profile or SELinux label requested via --security is not actually enforced. The container then executes with the default, less restrictive confinement rather than the operator-supplied profile. Exploitation does not require prior authentication in the container platform itself and produces no error from the runtime.
// Source: https://github.com/apptainer/apptainer/commit/4313b42717e18a4add7dd7503528bc15af905981
// File: internal/pkg/security/apparmor/apparmor_supported.go
// Fix: use pathrs-lite/procfs when writing apparmor profile
// Apptainer a Series of LF Projects LLC.
// For website terms of use, trademark policy, privacy policy and other
// project policies see https://lfprojects.org/policies
- // Copyright (c) 2018-2022, Sylabs Inc. All rights reserved.
+ // Copyright (c) 2018-2025, Sylabs Inc. All rights reserved.
// This software is licensed under a 3-clause BSD license. Please consult the
// LICENSE.md file distributed with the sources of this project regarding your
// rights to use or distribute this software.
// Source: https://github.com/apptainer/apptainer/commit/82f17900a0c31bc769bf9b4612d271c7068d8bf2
// File: internal/pkg/security/security.go
// Fix: fail if --security options can't be applied
// Apptainer a Series of LF Projects LLC.
- // Copyright (c) 2018-2020, Sylabs Inc. All rights reserved.
+ // Copyright (c) 2018-2025, Sylabs Inc. All rights reserved.
// This software is licensed under a 3-clause BSD license.
Detection Methods for CVE-2025-65105
Indicators of Compromise
- Container processes running without the expected AppArmor profile visible in /proc/<pid>/attr/current
- Container processes on SELinux hosts showing unexpected or default context in ps -eZ
- Apptainer invocations that used --security=apparmor:<profile> or --security=selinux:<label> on hosts running Apptainer versions below 1.4.5
Detection Strategies
- Inventory hosts running apptainer --version output below 1.4.5 and correlate with AppArmor or SELinux enablement
- Audit process security contexts of Apptainer child processes to confirm that the requested profile or label is active
- Review shell history and job scheduler logs for --security=apparmor: or --security=selinux: usage on vulnerable releases
Monitoring Recommendations
- Log Apptainer command invocations and capture the resolved AppArmor profile name for each container
- Alert on containers spawned by Apptainer whose AppArmor profile is unconfined when a non-default profile was requested
- Track updates to the apptainer package version across HPC and container hosts in configuration management data
How to Mitigate CVE-2025-65105
Immediate Actions Required
- Upgrade Apptainer to version 1.4.5 or later on all hosts
- Verify AppArmor is loaded on Debian-based systems and SELinux is enforcing on RHEL-based systems
- Restrict who can run Apptainer with --security options until patched releases are deployed
Patch Information
The fix is available in Apptainer 1.4.5. Two upstream commits address the issue: commit 4313b427 routes the AppArmor profile write through pathrs-lite/procfs, and commit 82f17900 makes the runtime fail when a requested --security option cannot be applied. See the GHSA-j3rw-fx6g-q46j advisory and pull request 3226 for full detail.
Workarounds
- Avoid relying on --security=apparmor:<profile> or --security=selinux:<label> as a security boundary on pre-1.4.5 releases
- Enforce AppArmor or SELinux at the host level with default-deny profiles applied to the Apptainer binary
- Limit execution of untrusted container images on systems that cannot be immediately upgraded
# Verify installed Apptainer version and upgrade path
apptainer --version
# Debian/Ubuntu
sudo apt-get update && sudo apt-get install --only-upgrade apptainer
# RHEL/Fedora
sudo dnf upgrade apptainer
# Confirm the fix is in place
apptainer --version | awk '{print $3}' | \
awk -F. '{ if ($1<1 || ($1==1 && ($2<4 || ($2==4 && $3<5)))) print "VULNERABLE"; else print "PATCHED" }'
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

