Search criteria
11 vulnerabilities found for youki by youki-dev
FKIE_CVE-2025-62596
Vulnerability from fkie_nvd - Published: 2025-11-06 00:15 - Updated: 2025-11-10 17:58
Severity ?
Summary
Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki’s apparmor handling performs insufficiently strict write-target validation, and when combined with path substitution during pathname resolution, can allow writes to unintended procfs locations. While resolving a path component-by-component, a shared-mount race can substitute intermediate components and redirect the final target. This issue is fixed in version 0.5.7.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:youki-dev:youki:*:*:*:*:*:rust:*:*",
"matchCriteriaId": "8ABEC689-758E-4D49-AFC4-6C640532D120",
"versionEndExcluding": "0.5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki\u2019s apparmor handling performs insufficiently strict write-target validation, and when combined with path substitution during pathname resolution, can allow writes to unintended procfs locations. While resolving a path component-by-component, a shared-mount race can substitute intermediate components and redirect the final target. This issue is fixed in version 0.5.7."
}
],
"id": "CVE-2025-62596",
"lastModified": "2025-11-10T17:58:27.753",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.8,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-11-06T00:15:37.817",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/youki-dev/youki/commit/5886c91073b9be748bd8d5aed49c4a820548030a"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/youki-dev/youki/security/advisories/GHSA-vf95-55w6-qmrf"
},
{
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
],
"url": "https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs"
},
{
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
],
"url": "https://youtu.be/tGseJW_uBB8"
},
{
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
],
"url": "https://youtu.be/y1PaBzxwRWQ"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-61"
},
{
"lang": "en",
"value": "CWE-363"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-62161
Vulnerability from fkie_nvd - Published: 2025-11-06 00:15 - Updated: 2025-11-10 18:13
Severity ?
Summary
Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container escape when youki utilizes bind mounting the container's /dev/null as a file mask. This issue is fixed in version 0.5.7.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:youki-dev:youki:*:*:*:*:*:rust:*:*",
"matchCriteriaId": "8ABEC689-758E-4D49-AFC4-6C640532D120",
"versionEndExcluding": "0.5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container escape when youki utilizes bind mounting the container\u0027s /dev/null as a file mask. This issue is fixed in version 0.5.7."
}
],
"id": "CVE-2025-62161",
"lastModified": "2025-11-10T18:13:27.723",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-11-06T00:15:36.760",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/youki-dev/youki/commit/5886c91073b9be748bd8d5aed49c4a820548030a"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/youki-dev/youki/security/advisories/GHSA-4g74-7cff-xcv8"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/youki-dev/youki/security/advisories/GHSA-4g74-7cff-xcv8"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/youki-dev/youki/security/advisories/GHSA-4g74-7cff-xcv8"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/youki-dev/youki/security/advisories/GHSA-4g74-7cff-xcv8"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-61"
},
{
"lang": "en",
"value": "CWE-363"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-54867
Vulnerability from fkie_nvd - Published: 2025-08-14 16:15 - Updated: 2025-11-10 17:50
Severity ?
Summary
Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. This issue has been patched in version 0.5.5.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:youki-dev:youki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DB306AA-E666-448F-BEEA-222E01169DED",
"versionEndExcluding": "0.5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. This issue has been patched in version 0.5.5."
},
{
"lang": "es",
"value": "Youki es un entorno de ejecuci\u00f3n de contenedores escrito en Rust. Antes de la versi\u00f3n 0.5.5, si /proc y /sys en rootfs eran enlaces simb\u00f3licos, pod\u00edan explotarse para acceder al sistema de archivos ra\u00edz del host. Este problema se ha corregido en la versi\u00f3n 0.5.5."
}
],
"id": "CVE-2025-54867",
"lastModified": "2025-11-10T17:50:01.987",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-08-14T16:15:39.933",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/youki-dev/youki/commit/0d9b4f2aa5ceaf988f3eb568711d2acf0a4ace37"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/youki-dev/youki/releases/tag/v0.5.5"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/youki-dev/youki/security/advisories/GHSA-j26p-6wx7-f3pw"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-61"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
CVE-2025-62596 (GCVE-0-2025-62596)
Vulnerability from cvelistv5 – Published: 2025-11-05 23:14 – Updated: 2025-11-06 16:54
VLAI?
Title
youki container escape and denial of service due to arbitrary write gadgets and procfs write redirects
Summary
Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki’s apparmor handling performs insufficiently strict write-target validation, and when combined with path substitution during pathname resolution, can allow writes to unintended procfs locations. While resolving a path component-by-component, a shared-mount race can substitute intermediate components and redirect the final target. This issue is fixed in version 0.5.7.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-06T16:54:08.273724Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T16:54:15.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "youki",
"vendor": "youki-dev",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki\u2019s apparmor handling performs insufficiently strict write-target validation, and when combined with path substitution during pathname resolution, can allow writes to unintended procfs locations. While resolving a path component-by-component, a shared-mount race can substitute intermediate components and redirect the final target. This issue is fixed in version 0.5.7."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-363",
"description": "CWE-363: Race Condition Enabling Link Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T23:14:37.167Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/youki-dev/youki/security/advisories/GHSA-vf95-55w6-qmrf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/youki-dev/youki/security/advisories/GHSA-vf95-55w6-qmrf"
},
{
"name": "https://github.com/youki-dev/youki/commit/5886c91073b9be748bd8d5aed49c4a820548030a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/youki-dev/youki/commit/5886c91073b9be748bd8d5aed49c4a820548030a"
},
{
"name": "https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs",
"tags": [
"x_refsource_MISC"
],
"url": "https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs"
},
{
"name": "https://youtu.be/tGseJW_uBB8",
"tags": [
"x_refsource_MISC"
],
"url": "https://youtu.be/tGseJW_uBB8"
},
{
"name": "https://youtu.be/y1PaBzxwRWQ",
"tags": [
"x_refsource_MISC"
],
"url": "https://youtu.be/y1PaBzxwRWQ"
}
],
"source": {
"advisory": "GHSA-vf95-55w6-qmrf",
"discovery": "UNKNOWN"
},
"title": "youki container escape and denial of service due to arbitrary write gadgets and procfs write redirects"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62596",
"datePublished": "2025-11-05T23:14:37.167Z",
"dateReserved": "2025-10-16T19:24:37.266Z",
"dateUpdated": "2025-11-06T16:54:15.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62161 (GCVE-0-2025-62161)
Vulnerability from cvelistv5 – Published: 2025-11-05 23:09 – Updated: 2025-11-06 21:20
VLAI?
Title
youki container escape via "masked path" abuse due to mount race conditions
Summary
Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container escape when youki utilizes bind mounting the container's /dev/null as a file mask. This issue is fixed in version 0.5.7.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-06T21:20:10.358215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T21:20:19.865Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "youki",
"vendor": "youki-dev",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container escape when youki utilizes bind mounting the container\u0027s /dev/null as a file mask. This issue is fixed in version 0.5.7."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-363",
"description": "CWE-363: Race Condition Enabling Link Following",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T23:09:09.014Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/youki-dev/youki/security/advisories/GHSA-4g74-7cff-xcv8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/youki-dev/youki/security/advisories/GHSA-4g74-7cff-xcv8"
},
{
"name": "https://github.com/youki-dev/youki/security/advisories/GHSA-4g74-7cff-xcv8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/youki-dev/youki/security/advisories/GHSA-4g74-7cff-xcv8"
},
{
"name": "https://github.com/youki-dev/youki/commit/5886c91073b9be748bd8d5aed49c4a820548030a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/youki-dev/youki/commit/5886c91073b9be748bd8d5aed49c4a820548030a"
}
],
"source": {
"advisory": "GHSA-4g74-7cff-xcv8",
"discovery": "UNKNOWN"
},
"title": "youki container escape via \"masked path\" abuse due to mount race conditions"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62161",
"datePublished": "2025-11-05T23:09:09.014Z",
"dateReserved": "2025-10-07T16:12:03.424Z",
"dateUpdated": "2025-11-06T21:20:19.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54867 (GCVE-0-2025-54867)
Vulnerability from cvelistv5 – Published: 2025-08-14 16:08 – Updated: 2025-08-14 19:26
VLAI?
Title
Youki Symlink Following Vulnerability
Summary
Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. This issue has been patched in version 0.5.5.
Severity ?
CWE
- CWE-61 - UNIX Symbolic Link (Symlink) Following
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54867",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-14T18:43:03.915598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T19:26:11.541Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "youki",
"vendor": "youki-dev",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. This issue has been patched in version 0.5.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T16:08:00.622Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/youki-dev/youki/security/advisories/GHSA-j26p-6wx7-f3pw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/youki-dev/youki/security/advisories/GHSA-j26p-6wx7-f3pw"
},
{
"name": "https://github.com/youki-dev/youki/commit/0d9b4f2aa5ceaf988f3eb568711d2acf0a4ace37",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/youki-dev/youki/commit/0d9b4f2aa5ceaf988f3eb568711d2acf0a4ace37"
},
{
"name": "https://github.com/youki-dev/youki/releases/tag/v0.5.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/youki-dev/youki/releases/tag/v0.5.5"
}
],
"source": {
"advisory": "GHSA-j26p-6wx7-f3pw",
"discovery": "UNKNOWN"
},
"title": "Youki Symlink Following Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54867",
"datePublished": "2025-08-14T16:08:00.622Z",
"dateReserved": "2025-07-31T17:23:33.472Z",
"dateUpdated": "2025-08-14T19:26:11.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27612 (GCVE-0-2025-27612)
Vulnerability from cvelistv5 – Published: 2025-03-21 14:24 – Updated: 2025-03-21 15:20
VLAI?
Title
Libcontainer is affected by capabilities elevation
Summary
libcontainer is a library for container control. Prior to libcontainer 0.5.3, while creating a tenant container, the tenant builder accepts a list of capabilities to be added in the spec of tenant container. The logic here adds the given capabilities to all capabilities of main container if present in spec, otherwise simply set provided capabilities as capabilities of the tenant container. However, setting inherited caps in any case for tenant container can lead to elevation of capabilities, similar to CVE-2022-29162. This does not affect youki binary itself. This is only applicable if you are using libcontainer directly and using the tenant builder.
Severity ?
5.9 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27612",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T15:19:54.521787Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T15:20:00.538Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "youki",
"vendor": "youki-dev",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libcontainer is a library for container control. Prior to libcontainer 0.5.3, while creating a tenant container, the tenant builder accepts a list of capabilities to be added in the spec of tenant container. The logic here adds the given capabilities to all capabilities of main container if present in spec, otherwise simply set provided capabilities as capabilities of the tenant container. However, setting inherited caps in any case for tenant container can lead to elevation of capabilities, similar to CVE-2022-29162. This does not affect youki binary itself. This is only applicable if you are using libcontainer directly and using the tenant builder."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T14:24:28.756Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/youki-dev/youki/security/advisories/GHSA-5w4j-f78p-4wh9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/youki-dev/youki/security/advisories/GHSA-5w4j-f78p-4wh9"
},
{
"name": "https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66"
},
{
"name": "https://github.com/youki-dev/youki/commit/747e342d2026fbf3a395db3e2a491ebef00082f1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/youki-dev/youki/commit/747e342d2026fbf3a395db3e2a491ebef00082f1"
},
{
"name": "https://github.com/youki-dev/youki/blob/9e63fa4da1672a78ca45100f3059a732784a5174/crates/libcontainer/src/container/tenant_builder.rs#L408",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/youki-dev/youki/blob/9e63fa4da1672a78ca45100f3059a732784a5174/crates/libcontainer/src/container/tenant_builder.rs#L408"
}
],
"source": {
"advisory": "GHSA-5w4j-f78p-4wh9",
"discovery": "UNKNOWN"
},
"title": "Libcontainer is affected by capabilities elevation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-27612",
"datePublished": "2025-03-21T14:24:28.756Z",
"dateReserved": "2025-03-03T15:10:34.079Z",
"dateUpdated": "2025-03-21T15:20:00.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62596 (GCVE-0-2025-62596)
Vulnerability from nvd – Published: 2025-11-05 23:14 – Updated: 2025-11-06 16:54
VLAI?
Title
youki container escape and denial of service due to arbitrary write gadgets and procfs write redirects
Summary
Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki’s apparmor handling performs insufficiently strict write-target validation, and when combined with path substitution during pathname resolution, can allow writes to unintended procfs locations. While resolving a path component-by-component, a shared-mount race can substitute intermediate components and redirect the final target. This issue is fixed in version 0.5.7.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-06T16:54:08.273724Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T16:54:15.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "youki",
"vendor": "youki-dev",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki\u2019s apparmor handling performs insufficiently strict write-target validation, and when combined with path substitution during pathname resolution, can allow writes to unintended procfs locations. While resolving a path component-by-component, a shared-mount race can substitute intermediate components and redirect the final target. This issue is fixed in version 0.5.7."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-363",
"description": "CWE-363: Race Condition Enabling Link Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T23:14:37.167Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/youki-dev/youki/security/advisories/GHSA-vf95-55w6-qmrf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/youki-dev/youki/security/advisories/GHSA-vf95-55w6-qmrf"
},
{
"name": "https://github.com/youki-dev/youki/commit/5886c91073b9be748bd8d5aed49c4a820548030a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/youki-dev/youki/commit/5886c91073b9be748bd8d5aed49c4a820548030a"
},
{
"name": "https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs",
"tags": [
"x_refsource_MISC"
],
"url": "https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs"
},
{
"name": "https://youtu.be/tGseJW_uBB8",
"tags": [
"x_refsource_MISC"
],
"url": "https://youtu.be/tGseJW_uBB8"
},
{
"name": "https://youtu.be/y1PaBzxwRWQ",
"tags": [
"x_refsource_MISC"
],
"url": "https://youtu.be/y1PaBzxwRWQ"
}
],
"source": {
"advisory": "GHSA-vf95-55w6-qmrf",
"discovery": "UNKNOWN"
},
"title": "youki container escape and denial of service due to arbitrary write gadgets and procfs write redirects"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62596",
"datePublished": "2025-11-05T23:14:37.167Z",
"dateReserved": "2025-10-16T19:24:37.266Z",
"dateUpdated": "2025-11-06T16:54:15.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62161 (GCVE-0-2025-62161)
Vulnerability from nvd – Published: 2025-11-05 23:09 – Updated: 2025-11-06 21:20
VLAI?
Title
youki container escape via "masked path" abuse due to mount race conditions
Summary
Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container escape when youki utilizes bind mounting the container's /dev/null as a file mask. This issue is fixed in version 0.5.7.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-06T21:20:10.358215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T21:20:19.865Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "youki",
"vendor": "youki-dev",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container escape when youki utilizes bind mounting the container\u0027s /dev/null as a file mask. This issue is fixed in version 0.5.7."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-363",
"description": "CWE-363: Race Condition Enabling Link Following",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T23:09:09.014Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/youki-dev/youki/security/advisories/GHSA-4g74-7cff-xcv8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/youki-dev/youki/security/advisories/GHSA-4g74-7cff-xcv8"
},
{
"name": "https://github.com/youki-dev/youki/security/advisories/GHSA-4g74-7cff-xcv8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/youki-dev/youki/security/advisories/GHSA-4g74-7cff-xcv8"
},
{
"name": "https://github.com/youki-dev/youki/commit/5886c91073b9be748bd8d5aed49c4a820548030a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/youki-dev/youki/commit/5886c91073b9be748bd8d5aed49c4a820548030a"
}
],
"source": {
"advisory": "GHSA-4g74-7cff-xcv8",
"discovery": "UNKNOWN"
},
"title": "youki container escape via \"masked path\" abuse due to mount race conditions"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62161",
"datePublished": "2025-11-05T23:09:09.014Z",
"dateReserved": "2025-10-07T16:12:03.424Z",
"dateUpdated": "2025-11-06T21:20:19.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54867 (GCVE-0-2025-54867)
Vulnerability from nvd – Published: 2025-08-14 16:08 – Updated: 2025-08-14 19:26
VLAI?
Title
Youki Symlink Following Vulnerability
Summary
Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. This issue has been patched in version 0.5.5.
Severity ?
CWE
- CWE-61 - UNIX Symbolic Link (Symlink) Following
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54867",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-14T18:43:03.915598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T19:26:11.541Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "youki",
"vendor": "youki-dev",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. This issue has been patched in version 0.5.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T16:08:00.622Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/youki-dev/youki/security/advisories/GHSA-j26p-6wx7-f3pw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/youki-dev/youki/security/advisories/GHSA-j26p-6wx7-f3pw"
},
{
"name": "https://github.com/youki-dev/youki/commit/0d9b4f2aa5ceaf988f3eb568711d2acf0a4ace37",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/youki-dev/youki/commit/0d9b4f2aa5ceaf988f3eb568711d2acf0a4ace37"
},
{
"name": "https://github.com/youki-dev/youki/releases/tag/v0.5.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/youki-dev/youki/releases/tag/v0.5.5"
}
],
"source": {
"advisory": "GHSA-j26p-6wx7-f3pw",
"discovery": "UNKNOWN"
},
"title": "Youki Symlink Following Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54867",
"datePublished": "2025-08-14T16:08:00.622Z",
"dateReserved": "2025-07-31T17:23:33.472Z",
"dateUpdated": "2025-08-14T19:26:11.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27612 (GCVE-0-2025-27612)
Vulnerability from nvd – Published: 2025-03-21 14:24 – Updated: 2025-03-21 15:20
VLAI?
Title
Libcontainer is affected by capabilities elevation
Summary
libcontainer is a library for container control. Prior to libcontainer 0.5.3, while creating a tenant container, the tenant builder accepts a list of capabilities to be added in the spec of tenant container. The logic here adds the given capabilities to all capabilities of main container if present in spec, otherwise simply set provided capabilities as capabilities of the tenant container. However, setting inherited caps in any case for tenant container can lead to elevation of capabilities, similar to CVE-2022-29162. This does not affect youki binary itself. This is only applicable if you are using libcontainer directly and using the tenant builder.
Severity ?
5.9 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27612",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T15:19:54.521787Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T15:20:00.538Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "youki",
"vendor": "youki-dev",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libcontainer is a library for container control. Prior to libcontainer 0.5.3, while creating a tenant container, the tenant builder accepts a list of capabilities to be added in the spec of tenant container. The logic here adds the given capabilities to all capabilities of main container if present in spec, otherwise simply set provided capabilities as capabilities of the tenant container. However, setting inherited caps in any case for tenant container can lead to elevation of capabilities, similar to CVE-2022-29162. This does not affect youki binary itself. This is only applicable if you are using libcontainer directly and using the tenant builder."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T14:24:28.756Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/youki-dev/youki/security/advisories/GHSA-5w4j-f78p-4wh9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/youki-dev/youki/security/advisories/GHSA-5w4j-f78p-4wh9"
},
{
"name": "https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66"
},
{
"name": "https://github.com/youki-dev/youki/commit/747e342d2026fbf3a395db3e2a491ebef00082f1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/youki-dev/youki/commit/747e342d2026fbf3a395db3e2a491ebef00082f1"
},
{
"name": "https://github.com/youki-dev/youki/blob/9e63fa4da1672a78ca45100f3059a732784a5174/crates/libcontainer/src/container/tenant_builder.rs#L408",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/youki-dev/youki/blob/9e63fa4da1672a78ca45100f3059a732784a5174/crates/libcontainer/src/container/tenant_builder.rs#L408"
}
],
"source": {
"advisory": "GHSA-5w4j-f78p-4wh9",
"discovery": "UNKNOWN"
},
"title": "Libcontainer is affected by capabilities elevation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-27612",
"datePublished": "2025-03-21T14:24:28.756Z",
"dateReserved": "2025-03-03T15:10:34.079Z",
"dateUpdated": "2025-03-21T15:20:00.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}