CVE-2025-62596

Youki is a container runtime written in Rust. In versions 0.5.6 and below, youkis apparmor handling performs insufficiently strict write-target validation, and when combined with path substitution during pathname resolution, can allow writes to unintended procfs locations. While resolving a path component-by-component, a shared-mount race can substitute intermediate components and redirect the final target. This issue is fixed in version 0.5.7.
Symlink
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
GitHub_MCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
VendorProductVersion
youki-devyouki
𝑥
< 0.5.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/youki-dev/youki/commit/5886c91073b9be748bd8d5aed49c4a820548030a
https://github.com/youki-dev/youki/security/advisories/GHSA-vf95-55w6-qmrf
https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs
https://youtu.be/tGseJW_uBB8
https://youtu.be/y1PaBzxwRWQ