CVE-2025-52881
high
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
8.0
Description
RHSA-2025:23543: container-tools:rhel8 security update (Important)
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| โ | Affected | โ |
Debian Mixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Affected | โ |
| sid | Fixed | 1.3.3+ds1-2 |
| forky | Fixed | 1.3.3+ds1-2 |
| bullseye | Affected | โ |
| bookworm | Affected | โ |
Red Hat Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | โ |
| 8 | Fixed | โ |
Rocky Linux Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | โ |
| 8 | Fixed | โ |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | github.com/opencontainers/runc | <1.2.8 | 1.2.8 |
| Go | github.com/opencontainers/selinux | <1.13.0 | 1.13.0 |
| Go | github.com/opencontainers/runc | >=1.3.0-rc.1,<1.3.3 | 1.3.3 |
| Go | github.com/opencontainers/runc | >=1.4.0-rc.1,<1.4.0-rc.3 | 1.4.0-rc.3 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| aws | aws | | |
References
- https://errata.rockylinux.org/RLSA-2025:23543
- https://errata.rockylinux.org/RLSA-2025:21232
- https://access.redhat.com/errata/RHSA-2025:19927
- https://access.redhat.com/errata/RHSA-2025:20957
- https://access.redhat.com/errata/RHSA-2025:21702
- https://access.redhat.com/errata/RHSA-2025:22011
- https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r
- https://github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjw
- https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm
- https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2
- https://nvd.nist.gov/vuln/detail/CVE-2025-52881
- https://github.com/opencontainers/selinux/pull/237
- https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480
- https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51
- https://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3
- https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1
- https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64
- https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165
- https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2
- https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28
- https://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322
- https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db
- https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544
- https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f
- https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.