CVE Vulnerabilities

CVE-2025-2713

Improper Privilege Management

Published: Mar 28, 2025 | Modified: Mar 28, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

Google gVisors runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. This occurred because the process initially ran with root-like permissions until the first fork.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name Vendor Start Version End Version
Golang-gvisor-gvisor Ubuntu upstream *

Potential Mitigations

References