MITRE ATT&CK Technique
Description
Adversaries may break out of a container or virtualized environment to gain access to the underlying host. This can allow an adversary access to other containerized or virtualized resources from the host level or to the host itself. In principle, containerized / virtualized resources should provide a clear separation of application functionality and be isolated from the host environment.(Citation: Docker Overview) There are multiple ways an adversary may escape from a container to a host environment. Examples include creating a container configured to mount the host’s filesystem using the bind parameter, which allows the adversary to drop payloads and execute control utilities such as cron on the host; utilizing a privileged container to run commands or load a malicious kernel module on the underlying host; or abusing system calls such as `unshare` and `keyctl` to escalate privileges and steal secrets.(Citation: Docker Bind Mounts)(Citation: Trend Micro Privileged Container)(Citation: Intezer Doki July 20)(Citation: Container Escape)(Citation: Crowdstrike Kubernetes Container Escape)(Citation: Keyctl-unmask) Additionally, an adversary may be able to exploit a compromised container with a mounted container management socket, such as `docker.sock`, to break out of the container via a [Container Administration Command](https://attack.mitre.org/techniques/T1609).(Citation: Container Escape) Adversaries may also escape via [Exploitation for Privilege Escalation](https://attack.mitre.org/techniques/T1068), such as exploiting vulnerabilities in global symbolic links in order to access the root directory of a host machine.(Citation: Windows Server Containers Are Open) In ESXi environments, an adversary may exploit a vulnerability in order to escape from a virtual machine into the hypervisor.(Citation: Broadcom VMSA-2025-004) Gaining access to the host may provide the adversary with the opportunity to achieve follow-on objectives, such as establishing persistence, moving laterally within the environment, accessing other containers or virtual machines running on the host, or setting up a command and control channel on the host.
Supported Platforms
Created
April 29, 2026
Last Updated
April 29, 2026
STIX Data
{'created': '2021-03-30T17:38:34.277Z',
'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'description': 'Adversaries may break out of a container or virtualized '
'environment to gain access to the underlying host. This can '
'allow an adversary access to other containerized or '
'virtualized resources from the host level or to the host '
'itself. In principle, containerized / virtualized resources '
'should provide a clear separation of application '
'functionality and be isolated from the host '
'environment.(Citation: Docker Overview)\n'
'\n'
'There are multiple ways an adversary may escape from a '
'container to a host environment. Examples include creating a '
'container configured to mount the host’s filesystem using the '
'bind parameter, which allows the adversary to drop payloads '
'and execute control utilities such as cron on the host; '
'utilizing a privileged container to run commands or load a '
'malicious kernel module on the underlying host; or abusing '
'system calls such as `unshare` and `keyctl` to escalate '
'privileges and steal secrets.(Citation: Docker Bind '
'Mounts)(Citation: Trend Micro Privileged Container)(Citation: '
'Intezer Doki July 20)(Citation: Container Escape)(Citation: '
'Crowdstrike Kubernetes Container Escape)(Citation: '
'Keyctl-unmask)\n'
'\n'
'Additionally, an adversary may be able to exploit a '
'compromised container with a mounted container management '
'socket, such as `docker.sock`, to break out of the container '
'via a [Container Administration '
'Command](https://attack.mitre.org/techniques/T1609).(Citation: '
'Container Escape) Adversaries may also escape via '
'[Exploitation for Privilege '
'Escalation](https://attack.mitre.org/techniques/T1068), such '
'as exploiting vulnerabilities in global symbolic links in '
'order to access the root directory of a host '
'machine.(Citation: Windows Server Containers Are Open)\n'
'\n'
'In ESXi environments, an adversary may exploit a '
'vulnerability in order to escape from a virtual machine into '
'the hypervisor.(Citation: Broadcom VMSA-2025-004)\n'
'\n'
'Gaining access to the host may provide the adversary with the '
'opportunity to achieve follow-on objectives, such as '
'establishing persistence, moving laterally within the '
'environment, accessing other containers or virtual machines '
'running on the host, or setting up a command and control '
'channel on the host.',
'external_references': [{'external_id': 'T1611',
'source_name': 'mitre-attack',
'url': 'https://attack.mitre.org/techniques/T1611'},
{'description': '0xn3va. (n.d.). Escaping. Retrieved '
'May 27, 2022.',
'source_name': 'Container Escape',
'url': 'https://0xn3va.gitbook.io/cheat-sheets/container/escaping'},
{'description': 'Broadcom. (2025, March 6). '
'VMSA-2025-0004: Questions & Answers. '
'Retrieved March 26, 2025.',
'source_name': 'Broadcom VMSA-2025-004',
'url': 'https://github.com/vmware/vcf-security-and-compliance-guidelines/tree/main/security-advisories/vmsa-2025-0004'},
{'description': 'Daniel Prizmant. (2020, July 15). '
'Windows Server Containers Are Open, '
"and Here's How You Can Break Out. "
'Retrieved October 1, 2021.',
'source_name': 'Windows Server Containers Are Open',
'url': 'https://unit42.paloaltonetworks.com/windows-server-containers-vulnerabilities/'},
{'description': 'Docker. (n.d.). Docker Overview. '
'Retrieved March 30, 2021.',
'source_name': 'Docker Overview',
'url': 'https://docs.docker.com/get-started/overview/'},
{'description': 'Docker. (n.d.). Use Bind Mounts. '
'Retrieved March 30, 2021.',
'source_name': 'Docker Bind Mounts',
'url': 'https://docs.docker.com/storage/bind-mounts/'},
{'description': 'Fiser, D., Oliveira, A.. (2019, '
'December 20). Why a Privileged '
'Container in Docker is a Bad Idea. '
'Retrieved March 30, 2021.',
'source_name': 'Trend Micro Privileged Container',
'url': 'https://www.trendmicro.com/en_us/research/19/l/why-running-a-privileged-container-in-docker-is-a-bad-idea.html'},
{'description': 'Fishbein, N., Kajiloti, M.. (2020, '
'July 28). Watch Your Containers: '
'Doki Infecting Docker Servers in the '
'Cloud. Retrieved March 30, 2021.',
'source_name': 'Intezer Doki July 20',
'url': 'https://www.intezer.com/blog/cloud-security/watch-your-containers-doki-infecting-docker-servers-in-the-cloud/'},
{'description': 'Manoj Ahuje. (2022, January 31). '
'CVE-2022-0185: Kubernetes Container '
'Escape Using Linux Kernel Exploit. '
'Retrieved July 6, 2022.',
'source_name': 'Crowdstrike Kubernetes Container '
'Escape',
'url': 'https://www.crowdstrike.com/blog/cve-2022-0185-kubernetes-container-escape-using-linux-kernel-exploit/'},
{'description': 'Mark Manning. (2020, July 23). '
'Keyctl-unmask: "Going Florida" on '
'The State Of Containerizing Linux '
'Keyrings. Retrieved July 6, 2022.',
'source_name': 'Keyctl-unmask',
'url': 'https://www.antitree.com/2020/07/keyctl-unmask-going-florida-on-the-state-of-containerizing-linux-keyrings/'}],
'id': 'attack-pattern--4a5b7ade-8bb5-4853-84ed-23f262002665',
'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
'phase_name': 'privilege-escalation'}],
'modified': '2025-10-24T17:48:44.317Z',
'name': 'Escape to Host',
'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
'revoked': False,
'spec_version': '2.1',
'type': 'attack-pattern',
'x_mitre_attack_spec_version': '3.2.0',
'x_mitre_contributors': ['Yuval Avrahami, Palo Alto Networks',
'Daniel Prizmant, Palo Alto Networks',
'Alfredo Oliveira, Trend Micro',
'David Fiser, @anu4is, Trend Micro',
'Idan Frimark, Cisco',
'Magno Logan, @magnologan, Trend Micro',
'Ariel Shuper, Cisco',
'Yossi Weizman, Azure Defender Research Team',
'Vishwas Manral, McAfee',
'CrowdStrike',
'Eran Ayalon, Cybereason',
'Oren Ofer, Cybereason',
'Ilan Sokol, Cybereason',
'Joas Antonio dos Santos, @C0d3Cr4zy'],
'x_mitre_deprecated': False,
'x_mitre_detection': '',
'x_mitre_domains': ['enterprise-attack'],
'x_mitre_is_subtechnique': False,
'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'x_mitre_platforms': ['Windows', 'Linux', 'Containers', 'ESXi'],
'x_mitre_version': '1.6'}