What is CVE-2025-27612?

CVE-2025-27612 is a medium-severity vulnerability in Youki-dev Youki, classified under Incorrect Default Permissions. CVSS score: 5.9/10. Published 2025-03-21.

How severe is CVE-2025-27612?

Medium severity. CVSS v3 base score is 5.9 out of 10.

Vulnerability in Youki-dev Youki

CVE-2025-27612

libcontainer is a library for container control. Prior to libcontainer 0.5.3, while creating a tenant container, the tenant builder accepts a list of capabilities to be added in the spec of tenant container. The logic here adds the given c…

EPSS: 0.000 (14.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L.

Affected products

Youki-dev Youki — versions < 0.5.3

Weakness classification (CWE)

CWE-276 — Incorrect Default Permissions

References

https://github.com/youki-dev/youki/security/advisories/GHSA-5w4j-f78p-4wh9 (x_refsource_CONFIRM)
https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66 (x_refsource_MISC)
https://github.com/youki-dev/youki/commit/747e342d2026fbf3a395db3e2a491ebef00082f1 (x_refsource_MISC)
https://github.com/youki-dev/youki/blob/9e63fa4da1672a78ca45100f3059a732784a5174/crates/libcontainer/src/container/tenant_builder.rs#L408 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-27612?: CVE-2025-27612 is a medium-severity vulnerability in Youki-dev Youki, classified under Incorrect Default Permissions. CVSS score: 5.9/10. Published 2025-03-21.
How severe is CVE-2025-27612?: Medium severity. CVSS v3 base score is 5.9 out of 10.