Security Advisory

CVE-2025-2713

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-28 15:27:43

Last updated 2025-09-08 09:47:48

Assigner Google

State PUBLISHED

Description

Google gVisors runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. This occurred because the process initially ran with root-like permissions until the first fork.

← Browse all CVEs View on cve.org ↗