CVE-2025-54867

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-54867

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-54867.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-54867

Aliases

GHSA-j26p-6wx7-f3pw

Published

2025-08-14T16:15:39Z

Modified

2025-08-16T13:00:06.398038Z

Summary

[none]

Details

Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. This issue has been patched in version 0.5.5.

References

Affected packages

Git / github.com/youki-dev/youki

Affected ranges

Type: GIT
Repo: https://github.com/youki-dev/youki
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0d9b4f2aa5ceaf988f3eb568711d2acf0a4ace37

Fixed

cfb492b029e7b71b80d1fed9705e8e8b387af6e0

Affected versions

v0.*

v0.0.1

v0.0.2

v0.0.3

v0.0.4

v0.0.5

v0.1.0

v0.2.0

v0.3.0

v0.3.1

v0.3.2

v0.3.3

v0.4.0

v0.4.1

v0.5.0

v0.5.1

v0.5.2

v0.5.3

v0.5.4