Unrated severityNVD Advisory· Published Mar 28, 2025· Updated Sep 8, 2025

Improper File Permission Handling in Google gVisor runsc

CVE-2025-2713

Description

Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. This occurred because the process initially ran with root-like permissions until the first fork.

Affected products

Google/gVisorllm-create
Google/gVisorv5
Range: release-20250319.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/google/gvisor/commit/586c38d70081b13b2ed494cef48e99b93956843emitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000