CNNVD-202508-1675 Information

CNNVD ID

CNNVD-202508-1675

Related CVE

CVE-2025-54867

• CNNVD Published: 2025-08-14

Description (Chinese)

youki是youki开源的一个 Rust 中 OCI 运行时规范的实现。 youki 0.5.5之前版本存在安全漏洞，该漏洞源于符号链接处理不当，可能导致访问主机根文件系统。

Description (English)

Youki is the realization of OCI when running in a Rust from the rouki open source. There was a security gap in yourki version 0.5.5, which stemmed from the mishandling of the symbol link, which could lead to access to the host root file system.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

youki

Published

2025-08-14

Last Modified

2026-02-24

References

https://github.com/youki-dev/youki/releases/tag/v0.5.5 https://github.com/youki-dev/youki/commit/0d9b4f2aa5ceaf988f3eb568711d2acf0a4ace37 https://github.com/youki-dev/youki/security/advisories/GHSA-j26p-6wx7-f3pw https://nvd.nist.gov/vuln/detail/CVE-2025-54867

Patch

https://github.com/youki-dev/youki/releases