Ctrl + K
/ news / CVE
CVEPublished 2025-11-061 article on news7 live referencesNVD data

CVE-2025-31133

Vulnerability data via CVEDB (Shodan)

CVSS v3.1
7.3
HIGH
EPSS percentile
47
Exploit Prediction Scoring System · top 53% of all CVEs
Description

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.

Timeline
Published 2025-11-06

External references

NVDMITREExploit-DBGitHub PoCSploitustrickest/cveVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2025-31133
Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · product
product:"Linuxfoundation Runc"
All exposed Linuxfoundation Runc instances — cross-reference with the CVE's affected-version range.
Shodan · banner/body mention
http.html:"Runc"
HTTP body or banner mentions "Runc" — catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2025-31133
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2025-31133
Censys host search filtered to this CVE id.
grep.app
CVE-2025-31133
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2025-31133
GitHub code search for direct mentions.
Google dork
"CVE-2025-31133" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (8)

CVE-2025-311338 repos
winmin/awesome-vm-escapeunknown
share some useful archives about vm and qemu escape exploit.
★ 600·updated 3mo ago
Threekiii/CVEunknown
一个 CVE 漏洞预警知识库,无 exp/poc,部分包含修复方案。A knowledge base of CVE security vulnerability, no PoCs/exploits.
★ 172·updated 2d ago
ctrsploit/ctrsploitC
A penetration toolkit for container environment
★ 150·updated 1w ago
BotGJ16/SSRFHunterPython
SSRFHunter
★ 18·updated 5mo ago
jq6l43d1/proxmox-lxc-docker-fixShell
Workaround for CVE-2025-52881: Fixes Docker/Podman breakage in Proxmox LXC containers caused by AppArmor incompatibility with runc 1.2.7+. Universal wrapper for community-scripts w…
★ 15·updated 7mo ago
pelagos-containers/pelagosRust
Daemonless Linux container runtime with a Lisp scripting interface — security-by-default, library API, full networking stack, OCI images, and multi-service orchestration
★ 11·updated 6d ago
liamromanis101/K8s-container_escape_auditShell
Look for possible escape vectors from a container
★ 5·updated 1d ago
vanhoangkha/awesome-aws-securityunknown
★ 5·updated 4mo ago
Articles on news mentioning CVE-2025-31133