Red Hat Security Advisory: OpenShift Container Platform 4.15.61 packages and security update
Red Hat OpenShift Container Platform 4. 15. 61 includes security updates addressing multiple vulnerabilities in the runc component that could allow container escape and denial of service. The issues involve mount race conditions, malicious configuration exploitation, and arbitrary write gadgets affecting container isolation. Users of OpenShift Container Platform 4. 15 are advised to upgrade to the updated packages and images provided by Red Hat to mitigate these vulnerabilities.
AI Analysis
Technical Summary
This advisory covers security fixes in Red Hat OpenShift Container Platform 4.15.61 related to three vulnerabilities in the runc container runtime: CVE-2025-31133 (container escape via 'masked path' abuse due to mount race conditions), CVE-2025-52565 (container escape with malicious config exploiting /dev/console mount and related races), and CVE-2025-52881 (container escape and denial of service via arbitrary write gadgets and procfs write redirects). These vulnerabilities affect container isolation and could allow an attacker to escape container boundaries or cause denial of service. The advisory provides updated RPM packages and container images to address these issues.
Potential Impact
The vulnerabilities allow potential container escape, undermining container isolation, and in one case, denial of service. This could enable an attacker with container access to affect the host or other containers. The security impact is rated as Important by Red Hat Product Security, and the overall severity is assessed as high. There are no known exploits in the wild at the time of this advisory.
Mitigation Recommendations
Red Hat has released updated packages and container images in OpenShift Container Platform 4.15.61 that fix these vulnerabilities. Users should upgrade to these updated packages and images via the appropriate release channel using the OpenShift CLI or web console. Detailed upgrade instructions are available in Red Hat's official documentation. Patch status is confirmed with an official fix available. No additional mitigation actions are indicated by the vendor.
Red Hat Security Advisory: OpenShift Container Platform 4.15.61 packages and security update
Description
Red Hat OpenShift Container Platform 4. 15. 61 includes security updates addressing multiple vulnerabilities in the runc component that could allow container escape and denial of service. The issues involve mount race conditions, malicious configuration exploitation, and arbitrary write gadgets affecting container isolation. Users of OpenShift Container Platform 4. 15 are advised to upgrade to the updated packages and images provided by Red Hat to mitigate these vulnerabilities.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This advisory covers security fixes in Red Hat OpenShift Container Platform 4.15.61 related to three vulnerabilities in the runc container runtime: CVE-2025-31133 (container escape via 'masked path' abuse due to mount race conditions), CVE-2025-52565 (container escape with malicious config exploiting /dev/console mount and related races), and CVE-2025-52881 (container escape and denial of service via arbitrary write gadgets and procfs write redirects). These vulnerabilities affect container isolation and could allow an attacker to escape container boundaries or cause denial of service. The advisory provides updated RPM packages and container images to address these issues.
Potential Impact
The vulnerabilities allow potential container escape, undermining container isolation, and in one case, denial of service. This could enable an attacker with container access to affect the host or other containers. The security impact is rated as Important by Red Hat Product Security, and the overall severity is assessed as high. There are no known exploits in the wild at the time of this advisory.
Mitigation Recommendations
Red Hat has released updated packages and container images in OpenShift Container Platform 4.15.61 that fix these vulnerabilities. Users should upgrade to these updated packages and images via the appropriate release channel using the OpenShift CLI or web console. Detailed upgrade instructions are available in Red Hat's official documentation. Patch status is confirmed with an official fix available. No additional mitigation actions are indicated by the vendor.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:1540
- Cve Count
- 3
- Additional Cves
- ["CVE-2025-52565","CVE-2025-52881"]
- Cvss Version
- null
Threat ID: 6a16096fe29bf47b50637039
Added to database: 5/26/2026, 8:58:23 PM
Last enriched: 5/27/2026, 12:52:06 AM
Last updated: 5/27/2026, 4:52:57 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.