CVE-2025-62161
Published: 06 November 2025
Summary
CVE-2025-62161 is a high-severity UNIX Symbolic Link (Symlink) Following (CWE-61) vulnerability in Youki-Dev Youki. Its CVSS base score is 7.3 (High).
Operationally, ranked at the 16.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-37939
Vulnerability details
Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container escape when youki utilizes bind mounting the container's /dev/null as a file mask. This issue is…
more
fixed in version 0.5.7.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.