CVE-2025-2713

Published: Mar 28, 2025

Modified: Sep 8, 2025

PUBLISHED

Description

Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. This occurred because the process initially ran with root-like permissions until the first fork.

Vendor	Product	Versions
Google	gVisor	unaffected `release-20250319.0`

Weaknesses (CWE)

CWE-266

References

https://github.com/google/gvisor/commit/586c38d70081b13b2ed494cef48e99b93956843e

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-2713

Description

Affected Products

Weaknesses (CWE)

References