VDB

CVE-2025-27612

CVE-2025-27612 PUBLISHED CVSS 5.900000095367432 MEDIUM

libcontainer is a library for container control. Prior to libcontainer 0.5.3, while creating a tenant container, the tenant builder accepts a list of capabilities to be added in the spec of tenant container. The logic here adds the given capabilities to all capabilities of main container if present in spec, otherwise simply set provided capabilities as capabilities of the tenant container. However, setting inherited caps in any case for tenant container can lead to elevation of capabilities, similar to CVE-2022-29162. This does not affect youki binary itself. This is only applicable if you are using libcontainer directly and using the tenant builder.

EPSS 0.05% · 14.6th percentile

Risk Scores

CVSS v3.1
5.900000095367432
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score
0.05%
14.6th percentile

Affected Products

VendorProductVersions
youki-devyouki< 0.5.3, < 0.5.3
crates.iolibcontainer0, 0

Timeline

  • Jan 21, 1970 Security Advisory
  • Mar 21, 2025 CVE Published
  • Mar 21, 2025 Coalition ESS Score
  • Mar 21, 2025 PoC Published
  • Mar 22, 2025 EPSS Score
  • Apr 4, 2025 EPSS Score
  • Apr 13, 2025 Coalition ESS Score
  • Apr 17, 2025 EPSS Score
  • May 1, 2025 EPSS Score
  • May 14, 2025 EPSS Score
  • May 27, 2025 EPSS Score
  • Jun 9, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›