cvebase

Youki-Dev Youki vulnerabilities

4 known vulnerabilities affecting youki-dev/youki.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 2

Vulnerabilities

CVE-2025-62596 | P3 | CRITICAL | CVSS 10.0 | fixed in 0.5.7 | 2025-11-06
CWE-61. Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki’s apparmor handling performs insufficiently strict write-target validation, and when combined with path substitution during pathname resolution, can allow writes to unintended procfs locations. While resolving a path component-by-component, a shared-mount race can subs
Sources: ghsa, nvd, osv

CVE-2025-62161 | P3 | CRITICAL | CVSS 10.0 | fixed in 0.5.7 | 2025-11-06
CWE-61. Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container escape when youki utilizes bind mounting the container's /dev/null as a file mask. This issue is fixed in version 0.5.7.
Sources: ghsa, nvd, osv

CVE-2022-29162 | P3 | HIGH | CVSS 7.8 | fixed in 0.5.3 | 2022-05-17
CWE-276. runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate tho
Sources: nvd

CVE-2025-54867 | P4 | HIGH | CVSS 7.0 | fixed in 0.5.5 | 2025-08-14
CWE-61. Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. This issue has been patched in version 0.5.5.
Sources: ghsa, nvd, osv