CVE-2025-2713

Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. This occurred because the process initially ran with root-like permissions until the first fork.

Database specific

{
    "cwe_ids": [
        "CWE-266"
    ],
    "cna_assigner": "Google",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/2xxx/CVE-2025-2713.json"
}

References

Affected packages

Git / github.com/google/gvisor

Affected ranges

Type

GIT

Repo

https://github.com/google/gvisor

Events

Introduced

Fixed

e1ffb147787ac37d003c60519a7e859a80f89b1f

Fixed

586c38d70081b13b2ed494cef48e99b93956843e

Database specific

{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "20240325.0"
        }
    ],
    "source": [
        "CPE_FIELD",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:google:gvisor:*:*:*:*:*:*:*:*"
}

Affected versions

release-20190304.*

release-20190304.1

release-20190529.*

release-20190529.1

release-20190722.*

release-20190722.1

release-20190806.*

release-20190806.1

release-20191104.*

release-20191104.0

release-20191114.*

release-20191114.0

release-20191129.*

release-20191129.0

release-20191210.*

release-20191210.0

release-20191213.*

release-20191213.0

release-20200115.*

release-20200115.0

release-20200127.*

release-20200127.0

release-20200211.*

release-20200211.0

release-20200219.*

release-20200219.0

release-20200323.*

release-20200323.0

release-20200413.*

release-20200413.0

release-20200422.*

release-20200422.0

release-20200511.*

release-20200511.0

release-20200518.*

release-20200518.0

release-20200522.*

release-20200522.0

release-20200601.*

release-20200601.0

release-20200608.*

release-20200608.0

release-20200622.*

release-20200622.1

release-20200804.*

release-20200804.0

release-20200810.*

release-20200810.0

release-20200818.*

release-20200818.0

release-20200907.*

release-20200907.0

release-20200914.*

release-20200914.0

release-20200921.*

release-20200921.0

release-20200928.*

release-20200928.0

release-20201005.*

release-20201005.0

release-20201012.*

release-20201012.0

release-20201019.*

release-20201019.0

release-20201027.*

release-20201027.0

release-20201030.*

release-20201030.0

release-20201109.*

release-20201109.0

release-20201117.*

release-20201117.0

release-20201130.*

release-20201130.0

release-20201208.*

release-20201208.0

release-20201216.*

release-20201216.0

release-20210112.*

release-20210112.0

release-20210121.*

release-20210121.1

release-20210125.*

release-20210125.0

release-20210201.*

release-20210201.0

release-20210208.*

release-20210208.0

release-20210301.*

release-20210301.0

release-20210309.*

release-20210309.0

release-20210315.*

release-20210315.0

release-20210322.*

release-20210322.0

release-20210408.*

release-20210408.0

release-20210412.*

release-20210412.0

release-20210419.*

release-20210419.0

release-20210503.*

release-20210503.0

release-20210510.*

release-20210510.0

release-20210518.*

release-20210518.0

release-20210601.*

release-20210601.0

release-20210607.*

release-20210607.0

release-20210614.*

release-20210614.0

release-20210622.*

release-20210622.0

release-20210628.*

release-20210628.0

release-20210705.*

release-20210705.0

release-20210712.*

release-20210712.0

release-20210720.*

release-20210720.0

release-20210726.*

release-20210726.0

release-20210806.*

release-20210806.0

release-20210816.*

release-20210816.0

release-20210823.*

release-20210823.0

release-20210830.*

release-20210830.0

release-20210906.*

release-20210906.0

release-20210921.*

release-20210921.0

release-20210927.*

release-20210927.0

release-20211005.*

release-20211005.0

release-20211011.*

release-20211011.0

release-20211019.*

release-20211019.0

release-20211026.*

release-20211026.0

release-20211101.*

release-20211101.0

release-20211108.*

release-20211108.0

release-20211115.*

release-20211115.0

release-20211122.*

release-20211122.0

release-20211129.*

release-20211129.0

release-20220103.*

release-20220103.0

release-20220117.*

release-20220117.0

release-20220124.*

release-20220124.0

release-20220131.*

release-20220131.0

release-20220208.*

release-20220208.0

release-20220214.*

release-20220214.0

release-20220221.*

release-20220221.0

release-20220222.*

release-20220222.0

release-20220228.*

release-20220228.0

release-20220309.*

release-20220309.0

release-20220314.*

release-20220314.0

release-20220321.*

release-20220321.0

release-20220328.*

release-20220328.0

release-20220405.*

release-20220405.0

release-20220411.*

release-20220411.0

release-20220418.*

release-20220418.0

release-20220425.*

release-20220425.0

release-20220502.*

release-20220502.1

release-20220510.*

release-20220510.0

release-20220516.*

release-20220516.0

release-20220606.*

release-20220606.0

release-20220621.*

release-20220621.0

release-20220627.*

release-20220627.0

release-20220704.*

release-20220704.0

release-20220713.*

release-20220713.0

release-20220718.*

release-20220718.0

release-20220801.*

release-20220801.0

release-20220808.*

release-20220808.0

release-20220815.*

release-20220815.0

release-20220822.*

release-20220822.0

release-20220905.*

release-20220905.0

release-20220913.*

release-20220913.0

release-20220919.*

release-20220919.0

release-20220926.*

release-20220926.0

release-20221003.*

release-20221003.0

release-20221010.*

release-20221010.0

release-20221017.*

release-20221017.0

release-20221026.*

release-20221026.0

release-20221102.*

release-20221102.1

release-20221107.*

release-20221107.0

release-20221122.*

release-20221122.0

release-20221128.*

release-20221128.0

release-20221205.*

release-20221205.0

release-20221212.*

release-20221212.0

release-20221219.*

release-20221219.0

release-20230102.*

release-20230102.0

release-20230109.*

release-20230109.0

release-20230118.*

release-20230118.0

release-20230123.*

release-20230123.0

release-20230130.*

release-20230130.0

release-20230214.*

release-20230214.0

release-20230227.*

release-20230227.0

release-20230306.*

release-20230306.0

release-20230313.*

release-20230313.0

release-20230320.*

release-20230320.0

release-20230327.*

release-20230327.0

release-20230417.*

release-20230417.0

release-20230501.*

release-20230501.0

release-20230508.*

release-20230508.0

release-20230517.*

release-20230517.0

release-20230522.*

release-20230522.0

release-20230529.*

release-20230529.0

release-20230605.*

release-20230605.0

release-20230621.*

release-20230621.0

release-20230627.*

release-20230627.0

release-20230710.*

release-20230710.0

release-20230717.*

release-20230717.0

release-20230724.*

release-20230724.0

release-20230731.*

release-20230731.0

release-20230801.*

release-20230801.0

release-20230807.*

release-20230807.0

release-20230814.*

release-20230814.0

release-20230823.*

release-20230823.0

release-20230904.*

release-20230904.0

release-20230911.*

release-20230911.0

release-20230920.*

release-20230920.0

release-20230925.*

release-20230925.0

release-20231003.*

release-20231003.0

release-20231009.*

release-20231009.0

release-20231016.*

release-20231016.0

release-20231023.*

release-20231023.0

release-20231030.*

release-20231030.0

release-20231106.*

release-20231106.0

release-20231113.*

release-20231113.0

release-20231120.*

release-20231120.0

release-20231204.*

release-20231204.0

release-20231211.*

release-20231211.0

release-20231218.*

release-20231218.0

release-20240109.*

release-20240109.0

release-20240115.*

release-20240115.0

release-20240122.*

release-20240122.0

release-20240129.*

release-20240129.0

release-20240206.*

release-20240206.0

release-20240212.*

release-20240212.0

release-20240305.*

release-20240305.0

release-20240311.*

release-20240311.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-2713.json"