CVE-2025-52881
Publication date 5 November 2025
Last updated 5 November 2025
Ubuntu priority
Description
container escape and denial of service due to arbitrary write gadgets and procfs write redirects
Read the notes from the security team
Why is this CVE high priority?
runc developers have rated this as being high severity
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| runc | 25.10 questing | Ignored backport too intrusive |
| 25.04 plucky | Ignored backport too intrusive | |
| 24.04 LTS noble | Ignored backport too intrusive | |
| 22.04 LTS jammy | Ignored backport too intrusive | |
| 20.04 LTS focal | Ignored backport too intrusive | |
| 18.04 LTS bionic | Ignored backport too intrusive | |
| 16.04 LTS xenial | Ignored backport too intrusive | |
| runc-app | 25.10 questing |
Fixed 1.3.3-0ubuntu1~25.10.2
|
| 25.04 plucky |
Fixed 1.3.3-0ubuntu1~25.04.2
|
|
| 24.04 LTS noble |
Fixed 1.3.3-0ubuntu1~24.04.2
|
|
| 22.04 LTS jammy |
Fixed 1.3.3-0ubuntu1~22.04.2
|
|
| 20.04 LTS focal | Ignored backport too intrusive | |
| runc-stable | 25.10 questing |
Fixed 1.3.3-0ubuntu1~25.10.2
|
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release |
Notes
sbeattie
src:runc-app provides the runc binaries, src:runc provides golang-github-opencontainers-runc-dev in older releases. See LP: #2022390 and LP: #2040460 for details.
References
Related Ubuntu Security Notices (USN)
- USN-7851-1
- runC vulnerabilities
- 4 November 2025