Yusuke Sakurai - Security Researcher - Exploit Intelligence Platform

CVE-2025-54867 WRITEUP HIGH WRITEUP

Youki <0.5.5 - Privilege Escalation

Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. This issue has been patched in version 0.5.5.

CVSS 7.0

View Code

CVE-2025-62161 WRITEUP CRITICAL WRITEUP

Youki <0.5.7 - Container Escape

Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container escape when youki utilizes bind mounting the container's /dev/null as a file mask. This issue is fixed in version 0.5.7.

CVSS 10.0

View Code

CVE-2025-62596 WRITEUP CRITICAL WRITEUP

Youki <0.5.7 - Privilege Escalation

Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki’s apparmor handling performs insufficiently strict write-target validation, and when combined with path substitution during pathname resolution, can allow writes to unintended procfs locations. While resolving a path component-by-component, a shared-mount race can substitute intermediate components and redirect the final target. This issue is fixed in version 0.5.7.

CVSS 10.0

View Code