High severityOSV Advisory· Published Feb 19, 2025· Updated Apr 15, 2026

CVE-2025-24965

Description

crun is an open source OCI Container Runtime fully written in C. In affected versions A malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No special permissions are needed, only the ability for the current user to write to the target file. The problem is fixed in crun 1.20 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected products

Containers/CrunOSV
Range: 0.10, 0.10.1, 0.10.2, …

Patches

9c9a76ac1199

https://github.com/containers/crunvia osv

0aec82c2b686

https://github.com/containers/crunvia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000