CVE-2025-62161

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Youki versions 0.5.6 and below

Description Youki is a container runtime written in Rust. Insufficient initial validation of the /dev/null source allows for container escape when bind mounting the container's /dev/null as a file mask. This occurs due to mount race conditions.

Recommendations Update to version 0.5.7 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-61CWE-363

Related Identifiers

CVE-2025-62161

GHSA-4G74-7CFF-XCV8

Affected Products

Youki

CVE-2025-62161

Weakness Enumeration

Related Identifiers

Affected Products

References · 12