CVE-2025-54867 HIGH

CVE-2025-54867: Youki Symlink Following Vulnerability

Vendor Youki-Dev
Product youki
Weakness CWE-61
Published August 14, 2025
Last update August 14, 2025

CVSS base score

7.0/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. This issue has been patched in version 0.5.5.

Key dates

02Disclosure timeline

August 14, 2025 CVE published
August 14, 2025 Record updated