4.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2025-64750

GHSA ID

GHSA-wwrx-w7c9-rf87

EPSS Score

CWE

CWE-61

Published

12/2/2025

Updated

12/2/2025

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-64750

CVE-2025-64750: Singluarity ineffectively applies selinux / apparmor LSM process labels

Impact

Native Mode (default)

Singularity's default native runtime allows users to apply restrictions to container processes using the apparmor or selinux Linux Security Modules (LSMs), via the --security selinux:<label> or --security apparmor:<profile> flags.

LSM labels are written to process or thread attrs/exec under /proc. If a user relies on LSM restrictions to prevent malicious operations then, under certain circumstances, an attacker can redirect the LSM label write operation so that it is ineffective. This requires:

The attacker to cause the user to run a malicious container image that redirects the mount of /proc to the destination of a shared mount, either known to be configured on the target system, or that will be specified by the user when running the container.
Control of the content of the shared mount, for example through another malicious container which also binds it, or as a user with relevant permissions on the host system it is bound from.

Note that Singularity does not attempt to prevent damaging operations, or container escape, from containers that are started as the host root user. When a non-root user starts a container any LSM writes to /proc are performed as that user. For these reasons, the denial-of-service and container escape attacks detailed in runc CVE-2025-52881 are not relevant. Processes running in non-root containers are subject to the standard permissions for the non-root account used, and cannot escalate privilege, even when intended container-specific LSM labels are not correctly applied.

In addition, a bug in the detection of selinux support in Singularity's default setuid flow means that --security selinux:<label> flags may not be applied, even in the absence of an attack - but in this case a warning message is emitted, indicating that selinux is unavailable. This warning may be may be overlooked, mis-interpreted, or not seen when singularity is run from a script or other tool. Failure to apply requested restrictions should result in a fatal error, rather than a warning message.

OCI-Mode

Singularity's OCI-mode is unaffected as it does not currently support applying LSM restrictions via the --security flag.

Patches

Ineffective write of selinux process labels is addressed via an update to the containers/selinux dependency in https://github.com/sylabs/singularity/pull/3850. This update brings in the upstream fix for CVE-2025-52881 in this dependency.

Ineffective write of apparmor process labels is addressed in commit 5af3e79.

Failure to detect apparmor / selinux support, when --security flags are provided, is made an error rather than a warning in commit 2788296.

Workarounds

There are no known workarounds, other than to define system-wide apparmor / selinux policy for Singularity itself. This would apply to all containers, not just those run with the --security flags. Additionally, restrictions that are reasonable to apply to container processes may impact the functionality of Singularity.

References

Related vulnerabilities in runc:

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-64750

CVE-2025-64750:

4.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2025-64750

GHSA ID

GHSA-wwrx-w7c9-rf87

EPSS Score

CWE

CWE-61

Published

12/2/2025

Updated

12/2/2025

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/sylabs/singularity/v4	go	>= 4.2.0-rc.1, < 4.3.5	4.3.5
github.com/sylabs/singularity/v4	go	< 4.1.11	4.1.11

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from Singularity's insecure handling of AppArmor and SELinux profile application, which could allow a malicious container to bypass security restrictions. The analysis of the provided patches reveals three key functions involved in this process.

apparmor.LoadProfile: This function in internal/pkg/security/apparmor/apparmor_supported.go was found to be writing the AppArmor profile to /proc/self/attr/exec without proper validation of the file path. As shown in commit 5af3e79, this could be exploited by redirecting the write, thus neutralizing the security profile. The fix involves using the pathrs-lite/procfs library to ensure the integrity of the file operation.
selinux.SetExecLabel: This function, called from security.Configure, is responsible for applying SELinux labels. The vulnerability here was not in Singularity's code itself, but in a dependency, github.com/opencontainers/selinux. Commit 52b74e59f059e931434504fc5be03e017d4d52c1 addresses this by updating the dependency to a version that fixes an ineffective label write issue (CVE-2025-52881).
security.Configure: This function in internal/pkg/security/security.go acts as the orchestrator for applying these security settings. A significant flaw, fixed in commit 2788296, was that it would only issue a warning if a requested security module (AppArmor or SELinux) was unavailable, rather than halting execution. This could lead to a container running with a false sense of security. The function is a critical part of the vulnerability chain as it calls the other vulnerable functions and its logic allowed for silent failures.

In summary, the root cause is a combination of insecure file handling when applying security profiles and insufficiently strict error handling, allowing for silent failures. The identified functions are central to the exploitation of this vulnerability and would be expected to appear in a runtime profile during such an event.

Vulnerable functions

apparmor.LoadProfile

internal/pkg/security/apparmor/apparmor_supported.go

This function was vulnerable because it attempted to write an AppArmor profile to `/proc/self/attr/exec` without verifying that the path was not a symlink or otherwise redirected. An attacker could cause this write to be redirected, preventing the AppArmor profile from being applied and thus bypassing security restrictions. The patch in commit 5af3e790c40593591dfc26d0692e4d4b21c29ba0 fixes this by using the `pathrs-lite/procfs` library to ensure the write operation targets a legitimate procfs file.

security.Configure

internal/pkg/security/security.go

This function is the central point for applying security configurations, including AppArmor and SELinux. It calls the lower-level functions (`apparmor.LoadProfile` and `selinux.SetExecLabel`) that were directly responsible for the vulnerability. A related bug was that this function would only issue a warning if a requested security module (like AppArmor or SELinux) was unavailable, allowing a container to run without the intended security profile. The patch in commit 27882963879a7af1699fd6511c3f5f1371d80f33 changes this behavior to return a fatal error, preventing silent security failures.

selinux.SetExecLabel

internal/pkg/security/security.go

This function is responsible for setting the SELinux label for the container process. It calls the `github.com/opencontainers/selinux` library to perform this action. The vulnerability existed because Singularity was using a version of this library that was susceptible to a race condition, allowing an attacker to redirect the write operation for the SELinux label, making it ineffective. The fix, shown in commit 52b74e59f059e931434504fc5be03e017d4d52c1, was to update this dependency to a patched version.

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

4.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-64750: Singluarity ineffectively applies selinux / apparmor LSM process labels

Impact

Patches

Workarounds

References

CVE-2025-64750:

4.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2025-64750: Singluarity ineffectively applies selinux / apparmor LSM process labels

Impact

Patches

Workarounds

References

4.5

4.5

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI