ByteOS Network

NVD Vulnerability Details :

CVE-2025-54867

Analyzed

Source-security-advisories@github.com

Published At-14 Aug, 2025 | 16:15

Updated At-10 Nov, 2025 | 17:50

Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. This issue has been patched in version 0.5.5.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.0	HIGH	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 7.0

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CPE Matches

youki-dev>>youki>>Versions before 0.5.5(exclusive)

cpe:2.3:a:youki-dev:youki:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-61	Primary	security-advisories@github.com

CWE ID: CWE-61

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/youki-dev/youki/commit/0d9b4f2aa5ceaf988f3eb568711d2acf0a4ace37	security-advisories@github.com	Patch
https://github.com/youki-dev/youki/releases/tag/v0.5.5	security-advisories@github.com	Release Notes
https://github.com/youki-dev/youki/security/advisories/GHSA-j26p-6wx7-f3pw	security-advisories@github.com	Vendor Advisory

Hyperlink: https://github.com/youki-dev/youki/commit/0d9b4f2aa5ceaf988f3eb568711d2acf0a4ace37

Source: security-advisories@github.com

Resource:

Patch

Hyperlink: https://github.com/youki-dev/youki/releases/tag/v0.5.5

Source: security-advisories@github.com

Resource:

Release Notes

Hyperlink: https://github.com/youki-dev/youki/security/advisories/GHSA-j26p-6wx7-f3pw

Source: security-advisories@github.com

Resource:

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History