Description
There are packages installed that are affected by a vulnerability referenced in the following CVE:
- runc is a CLI tool for spawning and running containers according to the OCI specification. Versions
1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient
checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc
into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker
can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it
attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to
`/dev/console` as configured for all containers that allocate a console). This happens after
`pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with
CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the
attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively).
This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3. (CVE-2025-52565)
Plugin Details
Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security
Risk Information
Vector: CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Threat Vector: CVSS:4.0/E:P
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H
Vulnerability Information
Exploit Ease: Exploits are available
Vulnerability Publication Date: 11/5/2025