Container Runtime Exploit in Youki by Youki Dev
CVE-2025-54867

7HIGH

Key Information:

Vendor

Youki-dev

Status
Youki
Vendor
CVE Published:
14 August 2025

What is CVE-2025-54867?

Youki, a container runtime built in Rust, exhibits a security flaw where symbolic links for /proc and /sys within the root filesystem can be maliciously exploited. This exploitation risk could allow attackers to obtain unauthorized access to the host's root filesystem. The issue has been remedied in version 0.5.5, reinforcing the importance of upgrading to safeguard against potential threats. Users of earlier versions are strongly advised to apply the latest updates to enhance system security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

youki < 0.5.5

References

https://github.com/youki-dev/youki/security/advisories/GH...
x_refsource_CONFIRM
https://github.com/youki-dev/youki/commit/0d9b4f2aa5ceaf9...
x_refsource_MISC
https://github.com/youki-dev/youki/releases/tag/v0.5.5
x_refsource_MISC

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.