Security researchers have found several alarming security flaws in tooling used by the containerization tool Docker that allow attackers to reach the host machine. The flaws specifically relate to runC, which Docker describes as the “infrastructure plumbing” that makes it such a useful tool for developers.
RunC is a universal container runtime that enables distributed applications to run across a wide swath of hardware and operating systems. Because it gives containers access to resources from the host machine, it is fertile ground for attacks using these newly discovered flaws.
One security flaw, tracked as CVE-2025-31133, revolves around runC’s ability to mask paths and protect sensitive files by bind-mounting a container’s /dev/null inode over a file. If an attacker is able to replace /dev/null with a symlink to another file or path, they can use it to break out of the container and get direct access to the host system.
Another flaw, tracked as CVE-2025-52565, is similar to the first in that an attacker can leverage runC’s ability to mount files. When a /dev/console bind-mount is created, an attacker can trick runC into following a symlink to a different file or path, which can lead to a breakout from the container environment.
Finally, the third issue, CVE-2025-52881, allows an attacker to bypass a check by referencing an existing procfs file that can then be redirected to access a sensitive file such as /proc/sysrq-trigger and thus lead to malicious actions including crashing the host machine. It also, apparently, provides an avenue for escaping the container.
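As an added illustration that is not part of the article or of runC itself, the following defender-side pre-flight audit inspects a container rootfs directory before it is handed to a runtime and flags the tampering pattern behind the first two flaws: a `dev/null` or `dev/console` entry that is a symlink or anything other than the expected character device, or a `dev` directory that is itself a symlink. The rootfs layout and device numbers are assumptions of the example; real runtimes perform their own checks at mount time.

```python
import os
import stat
import tempfile

# Linux major/minor numbers of the real character devices runC bind-mounts.
EXPECTED_DEVICES = {"dev/null": (1, 3), "dev/console": (5, 1)}


def check_device_node(rootfs, rel_path, expected_major_minor):
    """Return findings for one device path; never follow symlinks (lstat)."""
    findings = []
    # Every directory on the way down must be a real directory, not a
    # symlink, otherwise 'dev/null' could resolve outside the container tree.
    parts = rel_path.split("/")
    for i in range(1, len(parts)):
        if os.path.islink(os.path.join(rootfs, *parts[:i])):
            findings.append(f"{'/'.join(parts[:i])}: directory is a symlink")
            return findings
    path = os.path.join(rootfs, rel_path)
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return findings  # absent node is fine: the runtime creates its own
    if stat.S_ISLNK(st.st_mode):
        findings.append(f"{rel_path}: is a symlink -> {os.readlink(path)}")
    elif not stat.S_ISCHR(st.st_mode):
        findings.append(f"{rel_path}: is not a character device")
    elif (os.major(st.st_rdev), os.minor(st.st_rdev)) != expected_major_minor:
        findings.append(f"{rel_path}: unexpected device number")
    return findings


def audit_rootfs(rootfs):
    """Audit every node runC bind-mounts over; an empty list means clean."""
    findings = []
    for rel_path, expected in EXPECTED_DEVICES.items():
        findings.extend(check_device_node(rootfs, rel_path, expected))
    return findings


def build_tampered_rootfs():
    """Constructed sample: dev/null is a symlink, dev/console a plain file."""
    rootfs = tempfile.mkdtemp(prefix="rootfs-")
    os.mkdir(os.path.join(rootfs, "dev"))
    os.symlink("/proc/sysrq-trigger", os.path.join(rootfs, "dev", "null"))
    open(os.path.join(rootfs, "dev", "console"), "w").close()
    return rootfs
```

Running `audit_rootfs(build_tampered_rootfs())` returns two findings, one per tampered node; an untouched image directory returns an empty list.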
System administrators using the runC library for Docker or any other tooling should update as soon as possible. While these flaws haven’t been exploited yet, now that they have been made public it’s only a matter of time until threat actors attempt to leverage them.