Home > Vulnerability Database > CVE-2025-24965

Mend.io Vulnerability Database

CVE-2025-24965

Date: February 19, 2025

crun is an open source OCI Container Runtime fully written in C. In affected versions A malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No special permissions are needed, only the ability for the current user to write to the target file. The problem is fixed in crun 1.20 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Severity Score

7.3

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-24965

Url: https://github.com/containers/crun/security/advisories/GHSA-f42g-r5jj-qh4j

Url: https://github.com/containers/crun/releases/tag/1.20

Url: https://github.com/containers/crun/commit/0aec82c2b686f0b1793deed43b46524fe2e8b5a7

Url: https://www.mend.io/vulnerability-database/CVE-2025-24965

Severity Score

7.3

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-24965

Date: February 19, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?