We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-2713

Improper File Permission Handling in Google gVisor runsc



Description

Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. This occurred because the process initially ran with root-like permissions until the first fork.

Reserved 2025-03-24 | Published 2025-03-28 | Updated 2025-03-28 | Assigner Google


MEDIUM: 6.8CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Problem types

CWE-269 Improper Privilege Management

Product status

Default status
unaffected

release-20250319.0
unaffected

References

github.com/...ommit/586c38d70081b13b2ed494cef48e99b93956843e

cve.org (CVE-2025-2713)

nvd.nist.gov (CVE-2025-2713)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-2713

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.