[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-52565":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":35,"aliases":45,"duplicate_of":9,"upstream":48,"downstream":49,"duplicates":142,"related":143,"reserved_at":9,"published_at":193,"modified_at":194,"state":195,"summary":196,"references_raw":204,"kevs":261,"epss":262,"epss_history":265,"metrics":534,"affected":550},"CVE-2025-52565","runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",null,[11,24],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-61","UNIX Symbolic Link (Symlink) Following","The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.","weakness","Incomplete","Compound","High",[20],{"id":21,"name":22,"techniques":23},"CAPEC-27","Leveraging Race Conditions via Symbolic Links",[],{"_key":25,"id":25,"name":26,"description":27,"type":15,"status":28,"abstraction":29,"likelihood_of_exploit":9,"capec":30},"CWE-363","Race Condition Enabling Link Following","The product checks the status of a file or directory before accessing it, which produces a race condition in which the file can be replaced with a link before the access is performed, causing the product to access the wrong file.","Draft","Base",[31],{"id":32,"name":33,"techniques":34},"CAPEC-26","Leveraging Race Conditions",[],[36],{"_key":37,"name":38,"source":39,"url":40,"maturity":41,"reliability_score":42,"verified":43,"type":9,"platforms":44,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_OPENCONTAINERS_RUNC","Runc","github","https://github.com/opencontainers/runc/issues/2128","poc",0.3,false,[],[46,47],"GHSA-qw9x-cqr3-wc7r","GO-2025-4097",[],[50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108,110,112,114,116,118,120,122,124,126,128,130,132,134,136,138,140],{"_key":51},"SUSE-SU-2025:4073-2",{"_key":53},"SUSE-SU-2025:4079-1",{"_key":55},"SUSE-SU-2025:4080-1",{"_key":57},"UBUNTU-CVE-2025-52565",{"_key":59},"USN-7851-1",{"_key":61},"SUSE-SU-2025:4081-1",{"_key":63},"SUSE-SU-2025:21036-1",{"_key":65},"SUSE-SU-2025:21038-1",{"_key":67},"SUSE-SU-2025:21054-1",{"_key":69},"SUSE-SU-2025:21072-1",{"_key":71},"SUSE-SU-2025:21136-1",{"_key":73},"SUSE-SU-2025:3951-1",{"_key":75},"SUSE-SU-2025:4077-1",{"_key":77},"SUSE-SU-2026:0327-1",{"_key":79},"SUSE-SU-2026:20103-1",{"_key":81},"SUSE-SU-2026:20116-1",{"_key":83},"SUSE-SU-2026:20123-1",{"_key":85},"SUSE-SU-2026:20214-1",{"_key":87},"SUSE-SU-2026:20626-1",{"_key":89},"SUSE-SU-2026:20641-1",{"_key":91},"SUSE-SU-2025:3950-1",{"_key":93},"SUSE-SU-2025:4073-1",{"_key":95},"OPENSUSE-SU-2025:15705-1",{"_key":97},"OPENSUSE-SU-2025:20072-1",{"_key":99},"OPENSUSE-SU-2026:20072-1",{"_key":101},"OPENSUSE-SU-2026:20080-1",{"_key":103},"OPENSUSE-SU-2026:20140-1",{"_key":105},"OPENSUSE-SU-2026:20305-1",{"_key":107},"MGASA-2025-0271",{"_key":109},"DEBIAN-CVE-2025-52565",{"_key":111},"RHSA-2025:19927",{"_key":113},"RHSA-2025:20957",{"_key":115},"RHSA-2025:21232",{"_key":117},"RHSA-2025:21328",{"_key":119},"RHSA-2026:0315",{"_key":121},"RHSA-2026:0331",{"_key":123},"RHSA-2026:0418",{"_key":125},"RHSA-2026:0425",{"_key":127},"RHSA-2026:0676",{"_key":129},"RHSA-2026:0701",{"_key":131},"RHSA-2026:0995",{"_key":133},"RHSA-2026:10703",{"_key":135},"RHSA-2026:1540",{"_key":137},"RHSA-2026:4531",{"_key":139},"RHSA-2026:4693",{"_key":141},"RHSA-2026:8325",[],[144,145,146,147,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,175,177,179,181,183,185,187,189,191],{"_key":51},{"_key":53},{"_key":55},{"_key":148},"CVE-2025-52881",{"_key":61},{"_key":63},{"_key":65},{"_key":67},{"_key":69},{"_key":71},{"_key":73},{"_key":75},{"_key":77},{"_key":79},{"_key":81},{"_key":83},{"_key":85},{"_key":87},{"_key":89},{"_key":91},{"_key":93},{"_key":95},{"_key":97},{"_key":99},{"_key":101},{"_key":103},{"_key":105},{"_key":107},{"_key":174},"CGA-269X-5CRW-6HMW",{"_key":176},"CGA-C9RV-58GV-3CJ4",{"_key":178},"CGA-F3FF-956J-QVF8",{"_key":180},"CGA-JHF8-7JR2-Q99F",{"_key":182},"CGA-JM25-FFQ2-4JCH",{"_key":184},"CGA-M2G3-F98M-RR23",{"_key":186},"CGA-RH6X-X8XR-226P",{"_key":188},"CGA-V7FR-4C6H-V59V",{"_key":190},"CGA-VMQM-5WC5-7M8X",{"_key":192},"CGA-7FR5-R9WV-F462","2025-11-06T20:02:58.513Z","2025-11-06T21:32:19.129Z","Analyzed",{"cisa_kev":43,"cisa_ransomware":43,"cisa_vendor":9,"epss_severity":197,"epss_score":198,"severity":199,"severity_score":200,"severity_version":201,"severity_source":202,"severity_vector":203,"severity_status":195},"low",0.00026,"high",8.4,"v4.0","cve.org","CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H",[205,218,224,228,232,236,240,244,248,252,256],{"url":206,"sources":207,"tags":210},"https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r",[202,208,209],"nvd","osv_go",[211,212,213,214,215,216,217],"X Refsource CONFIRM","Exploit","Mitigation","Patch","Third Party Advisory","WEB","Advisory",{"url":219,"sources":220,"tags":221},"https://github.com/opencontainers/runc/commit/01de9d65dc72f67b256ef03f9bfb795a2bf143b4",[202,208,209],[222,214,216,223],"X Refsource MISC","FIX",{"url":225,"sources":226,"tags":227},"https://github.com/opencontainers/runc/commit/398955bccb7f20565c224a3064d331c19e422398",[202,208,209],[222,214,216,223],{"url":229,"sources":230,"tags":231},"https://github.com/opencontainers/runc/commit/531ef794e4ecd628006a865ad334a048ee2b4b2e",[202,208,209],[222,214,216,223],{"url":233,"sources":234,"tags":235},"https://github.com/opencontainers/runc/commit/9be1dbf4ac67d9840a043ebd2df5c68f36705d1d",[202,208,209],[222,214,216,223],{"url":237,"sources":238,"tags":239},"https://github.com/opencontainers/runc/commit/aee7d3fe355dd02939d44155e308ea0052e0d53a",[202,208,209],[222,214,216,223],{"url":241,"sources":242,"tags":243},"https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64",[202,208,209],[222,214,216,223],{"url":245,"sources":246,"tags":247},"https://github.com/opencontainers/runc/commit/de87203e625cd7a27141fb5f2ad00a320c69c5e8",[202,208,209],[222,214,216,223],{"url":249,"sources":250,"tags":251},"https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480",[202,208,209],[222,214,216,223],{"url":253,"sources":254,"tags":255},"https://nvd.nist.gov/vuln/detail/CVE-2025-52565",[209],[217],{"url":257,"sources":258,"tags":259},"https://github.com/opencontainers/runc",[209],[260],"PACKAGE",[],{"date":263,"score":198,"percentile":264},"2026-06-05",0.07665,[266,270,273,277,279,282,285,288,290,293,296,298,302,306,309,312,315,318,321,324,328,331,334,337,340,343,346,349,352,355,358,361,364,367,370,373,376,379,382,385,388,391,395,398,400,403,406,409,412,415,417,420,423,426,429,432,435,438,441,444,447,450,453,456,458,461,464,467,470,473,476,479,482,485,488,491,494,497,500,503,506,509,512,515,518,520,523,525,528,531],{"date":267,"score":268,"percentile":269},"2025-11-07",0.00008,0.00434,{"date":271,"score":268,"percentile":272},"2025-11-08",0.00433,{"date":274,"score":275,"percentile":276},"2025-11-09",0.00007,0.00312,{"date":278,"score":275,"percentile":276},"2025-11-10",{"date":280,"score":275,"percentile":281},"2025-11-11",0.00311,{"date":283,"score":268,"percentile":284},"2025-11-12",0.0053,{"date":286,"score":268,"percentile":287},"2025-11-13",0.00528,{"date":289,"score":268,"percentile":284},"2025-11-14",{"date":291,"score":268,"percentile":292},"2025-11-15",0.00534,{"date":294,"score":268,"percentile":295},"2025-11-16",0.00533,{"date":297,"score":268,"percentile":284},"2025-11-17",{"date":299,"score":300,"percentile":301},"2025-11-18",0.00016,0.01651,{"date":303,"score":304,"percentile":305},"2025-11-19",0.00015,0.01292,{"date":307,"score":304,"percentile":308},"2025-11-20",0.01313,{"date":310,"score":304,"percentile":311},"2025-11-21",0.02139,{"date":313,"score":304,"percentile":314},"2025-11-22",0.0214,{"date":316,"score":304,"percentile":317},"2025-11-23",0.02135,{"date":319,"score":304,"percentile":320},"2025-11-24",0.0212,{"date":322,"score":304,"percentile":323},"2025-11-25",0.02117,{"date":325,"score":326,"percentile":327},"2025-11-26",0.00018,0.03688,{"date":329,"score":326,"percentile":330},"2025-11-27",0.03703,{"date":332,"score":326,"percentile":333},"2025-11-28",0.03704,{"date":335,"score":326,"percentile":336},"2025-11-29",0.03747,{"date":338,"score":326,"percentile":339},"2025-11-30",0.03759,{"date":341,"score":326,"percentile":342},"2025-12-01",0.03855,{"date":344,"score":326,"percentile":345},"2025-12-02",0.03869,{"date":347,"score":326,"percentile":348},"2025-12-03",0.0388,{"date":350,"score":304,"percentile":351},"2025-12-04",0.02479,{"date":353,"score":304,"percentile":354},"2025-12-05",0.02492,{"date":356,"score":304,"percentile":357},"2025-12-06",0.02503,{"date":359,"score":304,"percentile":360},"2025-12-07",0.02508,{"date":362,"score":326,"percentile":363},"2025-12-08",0.03607,{"date":365,"score":326,"percentile":366},"2025-12-09",0.03644,{"date":368,"score":326,"percentile":369},"2025-12-10",0.03677,{"date":371,"score":326,"percentile":372},"2025-12-11",0.03664,{"date":374,"score":326,"percentile":375},"2025-12-12",0.0368,{"date":377,"score":326,"percentile":378},"2025-12-13",0.03686,{"date":380,"score":326,"percentile":381},"2025-12-14",0.03681,{"date":383,"score":326,"percentile":384},"2025-12-15",0.03652,{"date":386,"score":326,"percentile":387},"2025-12-16",0.03669,{"date":389,"score":326,"percentile":390},"2025-12-17",0.03699,{"date":392,"score":393,"percentile":394},"2025-12-18",0.00019,0.041,{"date":396,"score":393,"percentile":397},"2025-12-19",0.0408,{"date":399,"score":393,"percentile":397},"2025-12-20",{"date":401,"score":393,"percentile":402},"2025-12-21",0.04107,{"date":404,"score":393,"percentile":405},"2025-12-22",0.04059,{"date":407,"score":393,"percentile":408},"2025-12-23",0.04068,{"date":410,"score":393,"percentile":411},"2025-12-24",0.04085,{"date":413,"score":393,"percentile":414},"2025-12-25",0.0413,{"date":416,"score":393,"percentile":414},"2025-12-26",{"date":418,"score":393,"percentile":419},"2025-12-27",0.04142,{"date":421,"score":393,"percentile":422},"2025-12-28",0.04134,{"date":424,"score":393,"percentile":425},"2025-12-29",0.04123,{"date":427,"score":393,"percentile":428},"2025-12-30",0.04061,{"date":430,"score":393,"percentile":431},"2025-12-31",0.04083,{"date":433,"score":393,"percentile":434},"2026-01-01",0.04169,{"date":436,"score":393,"percentile":437},"2026-01-02",0.04171,{"date":439,"score":393,"percentile":440},"2026-01-03",0.04157,{"date":442,"score":393,"percentile":443},"2026-01-04",0.04047,{"date":445,"score":393,"percentile":446},"2026-01-05",0.04001,{"date":448,"score":393,"percentile":449},"2026-01-06",0.04002,{"date":451,"score":393,"percentile":452},"2026-01-07",0.04021,{"date":454,"score":393,"percentile":455},"2026-01-08",0.04055,{"date":457,"score":393,"percentile":455},"2026-01-09",{"date":459,"score":393,"percentile":460},"2026-01-10",0.04065,{"date":462,"score":393,"percentile":463},"2026-01-11",0.04044,{"date":465,"score":393,"percentile":466},"2026-01-12",0.04042,{"date":468,"score":326,"percentile":469},"2026-01-13",0.03998,{"date":471,"score":326,"percentile":472},"2026-01-14",0.04034,{"date":474,"score":326,"percentile":475},"2026-01-15",0.0396,{"date":477,"score":326,"percentile":478},"2026-01-16",0.03933,{"date":480,"score":326,"percentile":481},"2026-01-17",0.03935,{"date":483,"score":326,"percentile":484},"2026-01-18",0.03911,{"date":486,"score":326,"percentile":487},"2026-01-19",0.03866,{"date":489,"score":326,"percentile":490},"2026-01-20",0.03836,{"date":492,"score":326,"percentile":493},"2026-01-21",0.03826,{"date":495,"score":326,"percentile":496},"2026-01-22",0.0383,{"date":498,"score":326,"percentile":499},"2026-01-23",0.03875,{"date":501,"score":326,"percentile":502},"2026-01-24",0.0391,{"date":504,"score":326,"percentile":505},"2026-01-25",0.03897,{"date":507,"score":326,"percentile":508},"2026-01-26",0.03882,{"date":510,"score":326,"percentile":511},"2026-01-27",0.03868,{"date":513,"score":326,"percentile":514},"2026-01-28",0.03852,{"date":516,"score":326,"percentile":517},"2026-01-29",0.03873,{"date":519,"score":326,"percentile":499},"2026-01-30",{"date":521,"score":326,"percentile":522},"2026-01-31",0.03853,{"date":524,"score":326,"percentile":475},"2026-02-01",{"date":526,"score":326,"percentile":527},"2026-02-02",0.03943,{"date":529,"score":326,"percentile":530},"2026-02-03",0.03939,{"date":532,"score":326,"percentile":533},"2026-02-04",0.03915,[535,538,546],{"source":202,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":536},{"baseScore":200,"baseSeverity":537,"vectorString":203,"impactScore":9,"exploitabilityScore":9},"HIGH",{"source":208,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":539,"cvss_v4_0":544},{"baseScore":540,"baseSeverity":537,"vectorString":541,"impactScore":542,"exploitabilityScore":543},7.5,"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",10,2.1,{"baseScore":200,"baseSeverity":537,"vectorString":545,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",{"source":209,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":547},{"baseScore":548,"baseSeverity":9,"vectorString":549,"impactScore":9,"exploitabilityScore":9},7.3,"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",[551,574,615],{"ecosystem":552,"name":553,"vendor":554,"product":555,"cpe_part":9,"purl_type":556,"purl_namespace":554,"purl_name":555,"source":9,"versions":557},"Go","github.com/opencontainers/runc","github.com/opencontainers","runc","golang",[558,566,570],{"version":559,"is_range":560,"range_type":561,"version_start":562,"version_start_type":563,"version_end":564,"version_end_type":565,"fixed_in":9},"gte1_0_0_rc3_lt1_2_8",true,"semver","1.0.0-rc3","including","1.2.8","excluding",{"version":567,"is_range":560,"range_type":561,"version_start":568,"version_start_type":563,"version_end":569,"version_end_type":565,"fixed_in":9},"gte1_3_0_rc_1_lt1_3_3","1.3.0-rc.1","1.3.3",{"version":571,"is_range":560,"range_type":561,"version_start":572,"version_start_type":563,"version_end":573,"version_end_type":565,"fixed_in":9},"gte1_4_0_rc_1_lt1_4_0_rc_3","1.4.0-rc.1","1.4.0-rc.3",{"ecosystem":9,"name":555,"vendor":575,"product":555,"cpe_part":576,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":577},"linuxfoundation","a",[578,582,585,587,589,591,593,595,597,599,601,603,605,607,609,611,613],{"version":579,"is_range":560,"range_type":580,"version_start":581,"version_start_type":563,"version_end":564,"version_end_type":565,"fixed_in":9},"gte1.0.1_lt1.2.8","cpe","1.0.1",{"version":583,"is_range":560,"range_type":580,"version_start":584,"version_start_type":563,"version_end":569,"version_end_type":565,"fixed_in":9},"gte1.3.0_lt1.3.3","1.3.0",{"version":586,"is_range":43,"range_type":580,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.0.0:rc3",{"version":588,"is_range":43,"range_type":580,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.0.0:rc4",{"version":590,"is_range":43,"range_type":580,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.0.0:rc5",{"version":592,"is_range":43,"range_type":580,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.0.0:rc6",{"version":594,"is_range":43,"range_type":580,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.0.0:rc7",{"version":596,"is_range":43,"range_type":580,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.0.0:rc8",{"version":598,"is_range":43,"range_type":580,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.0.0:rc9",{"version":600,"is_range":43,"range_type":580,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.0.0:rc90",{"version":602,"is_range":43,"range_type":580,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.0.0:rc91",{"version":604,"is_range":43,"range_type":580,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.0.0:rc92",{"version":606,"is_range":43,"range_type":580,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.0.0:rc93",{"version":608,"is_range":43,"range_type":580,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.0.0:rc94",{"version":610,"is_range":43,"range_type":580,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.0.0:rc95",{"version":612,"is_range":43,"range_type":580,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.4.0:rc1",{"version":614,"is_range":43,"range_type":580,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.4.0:rc2",{"ecosystem":9,"name":555,"vendor":616,"product":555,"cpe_part":576,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":617},"opencontainers",[618,620,622],{"version":619,"is_range":560,"range_type":202,"version_start":562,"version_start_type":563,"version_end":564,"version_end_type":565,"fixed_in":9},">= 1.0.0-rc3, \u003C 1.2.8",{"version":621,"is_range":560,"range_type":202,"version_start":568,"version_start_type":563,"version_end":569,"version_end_type":565,"fixed_in":9},">= 1.3.0-rc.1, \u003C 1.3.3",{"version":623,"is_range":560,"range_type":202,"version_start":572,"version_start_type":563,"version_end":573,"version_end_type":565,"fixed_in":9},">= 1.4.0-rc.1, \u003C 1.4.0-rc.3"]