CVE-2025-24965 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-24965 PUBLISHED CVSS 8.5 HIGH

crun is an open source OCI Container Runtime fully written in C. In affected versions A malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No special permissions are needed, only the ability for the current user to write to the target file. The problem is fixed in crun 1.20 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

EPSS 0.36% · 57.8th percentile

Risk Scores

CVSS v4.0

8.5

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS Score

0.36%

57.8th percentile

Affected Products

Vendor	Product	Versions
containers	crun	< 1.20

Timeline

Feb 19, 2025 CVE Published
Feb 19, 2025 PoC Published
Feb 20, 2025 EPSS Score
Mar 6, 2025 EPSS Score
Mar 19, 2025 EPSS Score
Apr 2, 2025 EPSS Score
Apr 16, 2025 EPSS Score
Apr 30, 2025 EPSS Score
May 13, 2025 EPSS Score
May 27, 2025 EPSS Score
Jun 10, 2025 EPSS Score
Jun 24, 2025 EPSS Score

References

Open in Interactive Console →