CVE-2025-62596 - Vulnerability Details

CVE-2025-62596 - youki container escape and denial of service due to arbitrary write gadgets and procfs write redirects

Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki’s apparmor handling performs insufficiently strict write-target validation, and when combined with path substitution during pathname resolution, can allow writes to unintended procfs locations. While resolving a path component-by-component, a shared-mount race can substitute intermediate components and redirect the final target. This issue is fixed in version 0.5.7.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements Present

User Interaction Active

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

Advisories

Source	ID	Title
Github GHSA	GHSA-vf95-55w6-qmrf	youki container escape and denial of service due to arbitrary write gadgets and procfs write redirects

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/youki-dev/youki/commit/5886c91073b9be748bd8d5aed49c4a820548030a
https://github.com/youki-dev/youki/security/advisories/GHSA-vf95-55w6-qmrf
https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs
https://youtu.be/tGseJW_uBB8
https://youtu.be/y1PaBzxwRWQ

History

Wed, 05 Nov 2025 23:30:00 +0000

Type	Values Removed	Values Added
Description		Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki’s apparmor handling performs insufficiently strict write-target validation, and when combined with path substitution during pathname resolution, can allow writes to unintended procfs locations. While resolving a path component-by-component, a shared-mount race can substitute intermediate components and redirect the final target. This issue is fixed in version 0.5.7.
Title		youki container escape and denial of service due to arbitrary write gadgets and procfs write redirects
Weaknesses		CWE-363 CWE-61
References		https://github.com/youki-dev/youki/commit/5886c91073b9be748bd8d5aed49c4a820548030a https://github.com/youki-dev/youki/security/advisories/GHSA-vf95-55w6-qmrf https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs https://youtu.be/tGseJW_uBB8 https://youtu.be/y1PaBzxwRWQ
Metrics		cvssV4_0 `{'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2025-11-05T23:14:37.167Z

Updated: 2025-11-05T23:14:37.167Z

Reserved: 2025-10-16T19:24:37.266Z

Link: CVE-2025-62596

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-11-06T00:15:37.817

Modified: 2025-11-06T00:15:37.817

Link: CVE-2025-62596

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements Present

User Interaction Active

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object