Path Traversal in Containers Crun

CVE-2025-24965

crun is an open source OCI Container Runtime fully written in C. In affected versions A malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No specia…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.002 (45.6th percentile) — read the EPSS interpretation.

Affected products

Containers Crun — versions < 1.20

Weakness classification (CWE)

CWE-22 — Path Traversal

References

https://github.com/containers/crun/security/advisories/GHSA-f42g-r5jj-qh4j (x_refsource_CONFIRM)
https://github.com/containers/crun/commit/0aec82c2b686f0b1793deed43b46524fe2e8b5a7 (x_refsource_MISC)
https://github.com/containers/crun/releases/tag/1.20 (x_refsource_MISC)