Is youki affected by CVE-2025-54867?

crates.io youki is affected in <0.5.5.

Is CVE-2025-54867 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.2%.

high

CVE-2025-54867

Q: Is CVE-2025-54867 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.2%.

crates.io · youki

Summary

Youki: If /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem.

Severity: high
EPSS: 0.2% (p6)
Also known as: GHSA-j26p-6wx7-f3pw
Published: 2025-08-14

References

https://github.com/youki-dev/youki/security/advisories/GHSA-j26p-6wx7-f3pw
https://nvd.nist.gov/vuln/detail/CVE-2025-54867
https://github.com/youki-dev/youki/commit/0d9b4f2aa5ceaf988f3eb568711d2acf0a4ace37

Related advisories

CVE-2025-62596 — high · crates.io/youki
CVE-2025-62161 — high · crates.io/youki

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.