CVE-2025-2713

Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. This occurred because the process initially ran with root-like permissions until the first fork.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
GoogleCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
golang-gvisor-gvisor
bookworm
no-dsa
sid
0.0~20240729.0-4
fixed
trixie
0.0~20240729.0-4
fixed
Common Weakness Enumeration
References
https://github.com/google/gvisor/commit/586c38d70081b13b2ed494cef48e99b93956843e