VYPR
High severityNVD Advisory· Published Nov 5, 2025· Updated Nov 6, 2025

youki container escape via "masked path" abuse due to mount race conditions

CVE-2025-62161

Description

Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container escape when youki utilizes bind mounting the container's /dev/null as a file mask. This issue is fixed in version 0.5.7.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
youkicrates.io
< 0.5.70.5.7

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.