Home

Description

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file. Binary-Affected: podman Upstream-version-introduced: v4.0.0 Upstream-version-fixed: v5.6.1

PUBLISHED Reserved 2025-08-27 | Published 2025-09-05 | Updated 2025-10-08 | Assigner redhat




HIGH: 8.1CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Problem types

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status
affected

6:5.4.0-13.el10_0 (rpm) before *
unaffected

Default status
affected

8100020250911075811.afee755d (rpm) before *
unaffected

Default status
affected

8060020250919150821.3b538bd8 (rpm) before *
unaffected

Default status
affected

8060020250919150821.3b538bd8 (rpm) before *
unaffected

Default status
affected

8060020250919150821.3b538bd8 (rpm) before *
unaffected

Default status
affected

8080020250919060528.0f77c1b7 (rpm) before *
unaffected

Default status
affected

8080020250919060528.0f77c1b7 (rpm) before *
unaffected

Default status
affected

5:5.4.0-13.el9_6 (rpm) before *
unaffected

Default status
affected

2:4.2.0-6.el9_0.5 (rpm) before *
unaffected

Default status
affected

2:4.4.1-22.el9_2.4 (rpm) before *
unaffected

Default status
affected

4:4.9.4-18.el9_4.3 (rpm) before *
unaffected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Timeline

2025-09-04:Reported to Red Hat.
2025-09-04:Made public.

Credits

This issue was discovered by Paul Holzinger (Red Hat).

References

access.redhat.com/errata/RHSA-2025:15900 (RHSA-2025:15900) vendor-advisory

access.redhat.com/errata/RHSA-2025:15901 (RHSA-2025:15901) vendor-advisory

access.redhat.com/errata/RHSA-2025:15904 (RHSA-2025:15904) vendor-advisory

access.redhat.com/errata/RHSA-2025:16480 (RHSA-2025:16480) vendor-advisory

access.redhat.com/errata/RHSA-2025:16481 (RHSA-2025:16481) vendor-advisory

access.redhat.com/errata/RHSA-2025:16482 (RHSA-2025:16482) vendor-advisory

access.redhat.com/errata/RHSA-2025:16488 (RHSA-2025:16488) vendor-advisory

access.redhat.com/errata/RHSA-2025:16515 (RHSA-2025:16515) vendor-advisory

access.redhat.com/security/cve/CVE-2025-9566 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2393152 (RHBZ#2393152) issue-tracking

cve.org (CVE-2025-9566)

nvd.nist.gov (CVE-2025-9566)

Download JSON