Youki Symlink Following Vulnerability_CVE-2025-54867

7 / 10

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. This issue has been patched in version 0.5.5.

Basic Information

ID CVE-2025-54867

Source GitHub_M

Published Aug 14, 2025 at 16:08

Affected Product

Vendor youki-dev

Product youki

Version < 0.5.5

Affected Versions youki-dev youki < 0.5.5

CWE Classification

CWE-61

References

{
    "lastseen": "",
    "description": "Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. This issue has been patched in version 0.5.5.",
    "published": "2025-08-14T16:08:00.622Z",
    "modified": "2025-08-14T16:08:00.622Z",
    "type": "cve",
    "title": "Youki Symlink Following Vulnerability",
    "source": "GitHub_M",
    "references": "https://github.com/youki-dev/youki/security/advisories/GHSA-j26p-6wx7-f3pw\nhttps://github.com/youki-dev/youki/commit/0d9b4f2aa5ceaf988f3eb568711d2acf0a4ace37\nhttps://github.com/youki-dev/youki/releases/tag/v0.5.5",
    "id": "CVE-2025-54867",
    "bulletinFamily": "",
    "cwe": [
        "CWE-61"
    ],
    "cvelist": null,
    "sourceData": "youki-dev youki < 0.5.5",
    "sourceHref": "",
    "cvss": {
        "score": 7,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "youki",
    "version": "< 0.5.5",
    "vendor": "youki-dev",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}