[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-25809":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":19,"aliases":29,"duplicate_of":9,"upstream":32,"downstream":33,"duplicates":58,"related":59,"reserved_at":9,"published_at":71,"modified_at":72,"state":73,"summary":74,"references_raw":82,"kevs":110,"epss":111,"epss_history":114,"metrics":387,"affected":403},"CVE-2023-25809","runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in following conditons: 1. when runc is executed inside the user namespace, and the `config.json` does not specify the cgroup namespace to be unshared (e.g.., `(docker|podman|nerdctl) run --cgroupns=host`, with Rootless Docker/Podman/nerdctl) or 2. when runc is executed outside the user namespace, and `/sys` is mounted with `rbind, ro` (e.g., `runc spec --rootless`; this condition is very rare). A container may gain the write access to user-owned cgroup hierarchy `/sys/fs/cgroup/user.slice/...` on the host . Other users's cgroup hierarchies are not affected. Users are advised to upgrade to version 1.1.5. Users unable to upgrade may unshare the cgroup namespace (`(docker|podman|nerdctl) run --cgroupns=private)`. This is the default behavior of Docker/Podman/nerdctl on cgroup v2 hosts. or add `/sys/fs/cgroup` to `maskedPaths`.\n",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-281","Improper Preservation of Permissions","The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.","weakness","Draft","Base",[],[20],{"_key":21,"name":22,"source":23,"url":24,"maturity":25,"reliability_score":26,"verified":27,"type":9,"platforms":28,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_OPENCONTAINERS_RUNC","Runc","github","https://github.com/opencontainers/runc/issues/2128","poc",0.3,false,[],[30,31],"GHSA-m8cg-xc2p-r3fc","GO-2023-1682",[],[34,36,38,40,42,44,46,48,50,52,54,56],{"_key":35},"SUSE-SU-2023:1726-1",{"_key":37},"UBUNTU-CVE-2023-25809",{"_key":39},"USN-6088-1",{"_key":41},"SUSE-SU-2023:2003-1",{"_key":43},"OPENSUSE-SU-2024:12826-1",{"_key":45},"OPENSUSE-SU-2025:15424-1",{"_key":47},"MGASA-2023-0125",{"_key":49},"DEBIAN-CVE-2023-25809",{"_key":51},"USN-6088-2",{"_key":53},"RHSA-2023:6380",{"_key":55},"RHSA-2023:6938",{"_key":57},"RHSA-2023:6939",[],[60,61,62,63,64,65,67,69],{"_key":35},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":66},"CGA-289H-27QM-3J4J",{"_key":68},"CGA-G7RX-JXR6-8XC6",{"_key":70},"CGA-FMVC-CJ26-GG63","2023-03-29T18:22:56.875Z","2025-02-12T16:02:24.090Z","Modified",{"cisa_kev":27,"cisa_ransomware":27,"cisa_vendor":9,"epss_severity":75,"epss_score":76,"severity":77,"severity_score":78,"severity_version":79,"severity_source":80,"severity_vector":81,"severity_status":73},"low",0.00037,"medium",6.3,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",[83,94,101,105],{"url":84,"sources":85,"tags":88},"https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc",[86,80,87],"cve.org","osv_go",[89,90,91,92,93],"X Refsource CONFIRM","Exploit","Vendor Advisory","WEB","Advisory",{"url":95,"sources":96,"tags":97},"https://github.com/opencontainers/runc/commit/0d62b950e60f6980b54fe3bafd9a9c608dc1df17",[86,80,87],[98,99,92,100],"X Refsource MISC","Patch","FIX",{"url":102,"sources":103,"tags":104},"https://nvd.nist.gov/vuln/detail/CVE-2023-25809",[87],[93],{"url":106,"sources":107,"tags":108},"https://github.com/opencontainers/runc",[87],[109],"PACKAGE",[],{"date":112,"score":76,"percentile":113},"2026-06-04",0.11226,[115,119,122,125,128,131,134,137,140,143,146,149,152,155,158,162,165,168,171,174,177,180,183,186,188,191,194,197,200,203,206,209,212,216,219,222,225,228,231,234,237,240,243,246,249,252,255,258,261,264,267,270,273,276,279,282,285,288,291,294,297,300,303,306,309,312,315,318,321,323,326,329,332,335,338,341,344,347,350,353,356,360,363,366,369,372,375,378,381,384],{"date":116,"score":117,"percentile":118},"2025-11-04",0.00033,0.08697,{"date":120,"score":117,"percentile":121},"2025-11-05",0.08708,{"date":123,"score":117,"percentile":124},"2025-11-06",0.0883,{"date":126,"score":117,"percentile":127},"2025-11-07",0.08849,{"date":129,"score":117,"percentile":130},"2025-11-08",0.08846,{"date":132,"score":117,"percentile":133},"2025-11-09",0.08813,{"date":135,"score":117,"percentile":136},"2025-11-10",0.0877,{"date":138,"score":117,"percentile":139},"2025-11-11",0.088,{"date":141,"score":117,"percentile":142},"2025-11-12",0.08838,{"date":144,"score":117,"percentile":145},"2025-11-13",0.08881,{"date":147,"score":117,"percentile":148},"2025-11-14",0.08914,{"date":150,"score":117,"percentile":151},"2025-11-15",0.08942,{"date":153,"score":117,"percentile":154},"2025-11-16",0.08947,{"date":156,"score":117,"percentile":157},"2025-11-17",0.08938,{"date":159,"score":160,"percentile":161},"2025-11-18",0.0006,0.14399,{"date":163,"score":160,"percentile":164},"2025-11-19",0.14416,{"date":166,"score":160,"percentile":167},"2025-11-20",0.14428,{"date":169,"score":117,"percentile":170},"2025-11-21",0.09023,{"date":172,"score":117,"percentile":173},"2025-11-22",0.08953,{"date":175,"score":117,"percentile":176},"2025-11-23",0.08928,{"date":178,"score":117,"percentile":179},"2025-11-24",0.08917,{"date":181,"score":117,"percentile":182},"2025-11-25",0.08912,{"date":184,"score":117,"percentile":185},"2025-11-26",0.08919,{"date":187,"score":117,"percentile":176},"2025-11-27",{"date":189,"score":117,"percentile":190},"2025-11-28",0.08904,{"date":192,"score":117,"percentile":193},"2025-11-29",0.08937,{"date":195,"score":117,"percentile":196},"2025-11-30",0.08946,{"date":198,"score":117,"percentile":199},"2025-12-01",0.08991,{"date":201,"score":117,"percentile":202},"2025-12-02",0.09009,{"date":204,"score":117,"percentile":205},"2025-12-03",0.09038,{"date":207,"score":117,"percentile":208},"2025-12-04",0.09033,{"date":210,"score":117,"percentile":211},"2025-12-05",0.09087,{"date":213,"score":214,"percentile":215},"2025-12-06",0.00034,0.09438,{"date":217,"score":214,"percentile":218},"2025-12-07",0.09442,{"date":220,"score":214,"percentile":221},"2025-12-08",0.0945,{"date":223,"score":214,"percentile":224},"2025-12-09",0.09506,{"date":226,"score":214,"percentile":227},"2025-12-10",0.09586,{"date":229,"score":214,"percentile":230},"2025-12-11",0.0962,{"date":232,"score":214,"percentile":233},"2025-12-12",0.09643,{"date":235,"score":214,"percentile":236},"2025-12-13",0.09652,{"date":238,"score":214,"percentile":239},"2025-12-14",0.09646,{"date":241,"score":214,"percentile":242},"2025-12-15",0.09574,{"date":244,"score":214,"percentile":245},"2025-12-16",0.09562,{"date":247,"score":214,"percentile":248},"2025-12-17",0.09644,{"date":250,"score":214,"percentile":251},"2025-12-18",0.09702,{"date":253,"score":214,"percentile":254},"2025-12-19",0.09722,{"date":256,"score":117,"percentile":257},"2025-12-20",0.0936,{"date":259,"score":117,"percentile":260},"2025-12-21",0.0934,{"date":262,"score":117,"percentile":263},"2025-12-22",0.09307,{"date":265,"score":117,"percentile":266},"2025-12-23",0.09293,{"date":268,"score":117,"percentile":269},"2025-12-24",0.09299,{"date":271,"score":117,"percentile":272},"2025-12-25",0.09383,{"date":274,"score":117,"percentile":275},"2025-12-26",0.09369,{"date":277,"score":117,"percentile":278},"2025-12-27",0.0933,{"date":280,"score":117,"percentile":281},"2025-12-28",0.09367,{"date":283,"score":117,"percentile":284},"2025-12-29",0.09331,{"date":286,"score":117,"percentile":287},"2025-12-30",0.09313,{"date":289,"score":117,"percentile":290},"2025-12-31",0.09366,{"date":292,"score":117,"percentile":293},"2026-01-01",0.09403,{"date":295,"score":117,"percentile":296},"2026-01-02",0.09401,{"date":298,"score":117,"percentile":299},"2026-01-03",0.0939,{"date":301,"score":117,"percentile":302},"2026-01-04",0.09316,{"date":304,"score":117,"percentile":305},"2026-01-05",0.09273,{"date":307,"score":117,"percentile":308},"2026-01-06",0.09248,{"date":310,"score":117,"percentile":311},"2026-01-07",0.09281,{"date":313,"score":117,"percentile":314},"2026-01-08",0.09341,{"date":316,"score":117,"percentile":317},"2026-01-09",0.09359,{"date":319,"score":117,"percentile":320},"2026-01-10",0.09377,{"date":322,"score":117,"percentile":278},"2026-01-11",{"date":324,"score":117,"percentile":325},"2026-01-12",0.09309,{"date":327,"score":117,"percentile":328},"2026-01-13",0.0928,{"date":330,"score":117,"percentile":331},"2026-01-14",0.09334,{"date":333,"score":117,"percentile":334},"2026-01-15",0.09344,{"date":336,"score":117,"percentile":337},"2026-01-16",0.09385,{"date":339,"score":117,"percentile":340},"2026-01-17",0.09393,{"date":342,"score":117,"percentile":343},"2026-01-18",0.09356,{"date":345,"score":117,"percentile":346},"2026-01-19",0.09314,{"date":348,"score":117,"percentile":349},"2026-01-20",0.09288,{"date":351,"score":117,"percentile":352},"2026-01-21",0.09255,{"date":354,"score":117,"percentile":355},"2026-01-22",0.09238,{"date":357,"score":358,"percentile":359},"2026-01-23",0.00035,0.10172,{"date":361,"score":358,"percentile":362},"2026-01-24",0.10228,{"date":364,"score":358,"percentile":365},"2026-01-25",0.10188,{"date":367,"score":358,"percentile":368},"2026-01-26",0.10144,{"date":370,"score":358,"percentile":371},"2026-01-27",0.10127,{"date":373,"score":358,"percentile":374},"2026-01-28",0.10105,{"date":376,"score":358,"percentile":377},"2026-01-29",0.10081,{"date":379,"score":358,"percentile":380},"2026-01-30",0.10092,{"date":382,"score":358,"percentile":383},"2026-01-31",0.10109,{"date":385,"score":358,"percentile":386},"2026-02-01",0.10119,[388,395,398],{"source":86,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":389,"cvss_v4_0":9},{"baseScore":390,"baseSeverity":391,"vectorString":392,"impactScore":393,"exploitabilityScore":394},5,"MEDIUM","CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",6.2,2.1,{"source":80,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":396,"cvss_v4_0":9},{"baseScore":78,"baseSeverity":391,"vectorString":81,"impactScore":393,"exploitabilityScore":397},5.1,{"source":87,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":399,"cvss_v4_0":9},{"baseScore":400,"baseSeverity":9,"vectorString":401,"impactScore":402,"exploitabilityScore":394},2.5,"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L",2.3,[404,417,424],{"ecosystem":405,"name":406,"vendor":407,"product":408,"cpe_part":9,"purl_type":409,"purl_namespace":407,"purl_name":408,"source":9,"versions":410},"Go","github.com/opencontainers/runc","github.com/opencontainers","runc","golang",[411],{"version":412,"is_range":413,"range_type":414,"version_start":9,"version_start_type":9,"version_end":415,"version_end_type":416,"fixed_in":9},"lt1_1_5",true,"semver","1.1.5","excluding",{"ecosystem":9,"name":408,"vendor":418,"product":408,"cpe_part":419,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":420},"linuxfoundation","a",[421],{"version":422,"is_range":413,"range_type":423,"version_start":9,"version_start_type":9,"version_end":415,"version_end_type":416,"fixed_in":9},"lt1.1.5","cpe",{"ecosystem":9,"name":408,"vendor":425,"product":408,"cpe_part":419,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":426},"opencontainers",[427],{"version":428,"is_range":413,"range_type":86,"version_start":9,"version_start_type":9,"version_end":415,"version_end_type":416,"fixed_in":9},"\u003C 1.1.5"]