exploitDog

CVE-2025-54867

Опубликовано: 14 авг. 2025

Источник: nvd

CVSS3: 7

EPSS Низкий

Описание

Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. This issue has been patched in version 0.5.5.

Ссылки

https://github.com/youki-dev/youki/commit/0d9b4f2aa5ceaf988f3eb568711d2acf0a4ace37
Patch
https://github.com/youki-dev/youki/releases/tag/v0.5.5
Release Notes
https://github.com/youki-dev/youki/security/advisories/GHSA-j26p-6wx7-f3pw
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:youki-dev:youki:*:*:*:*:*:*:*:*

Версия до 0.5.5 (исключая)

EPSS

Процентиль: 4%

0.00018

Низкий

7 High

CVSS3

Дефекты

CWE-61

Связанные уязвимости

GHSA-j26p-6wx7-f3pw

CVSS3: 7

github

6 месяцев назад

Youki: If /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem.

EPSS

Процентиль: 4%

0.00018

Низкий

7 High

CVSS3

Дефекты

CWE-61