Vulnerability in Youki-dev Youki
CVE-2025-62596
Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki’s AppArmor handling performs insufficiently strict write-target validation, and when combined with path substitution during pathname resolution, can allow wri…
EPSS: 0.001 (17.5th percentile)
Affected products
- Youki-dev Youki — versions < 0.5.7
Weakness classification (CWE)
References
- https://github.com/youki-dev/youki/security/advisories/GHSA-vf95-55w6-qmrf (x_refsource_CONFIRM)
- https://github.com/youki-dev/youki/commit/5886c91073b9be748bd8d5aed49c4a820548030a (x_refsource_MISC)
- https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs (x_refsource_MISC)
- https://youtu.be/tGseJW_uBB8 (x_refsource_MISC)
- https://youtu.be/y1PaBzxwRWQ (x_refsource_MISC)