Vulnerability Description
crun is an open source OCI Container Runtime fully written in C. In affected versions, a malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No special permissions are needed, only the ability for the current user to write to the target file. The problem is fixed in crun 1.20 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
References
- https://github.com/containers/crun/commit/0aec82c2b686f0b1793deed43b46524fe2e8b5
- https://github.com/containers/crun/releases/tag/1.20
- https://github.com/containers/crun/security/advisories/GHSA-f42g-r5jj-qh4j
FAQ
What is CVE-2025-24965?
CVE-2025-24965 is a documented vulnerability. crun is an open source OCI Container Runtime fully written in C. In affected versions, a malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation...
How severe is CVE-2025-24965?
CVSS scoring is not yet available for CVE-2025-24965. Check NVD for updates.
Is there a patch for CVE-2025-24965?
The problem is fixed in crun 1.20. Check the references section above for the vendor advisory, the release and the fixing commit, and review vendor security bulletins for remediation guidance.