CVE-2025-9566

EUVD-2025-27030
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file.

Binary-Affected: podman
Upstream-version-introduced: v4.0.0
Upstream-version-fixed: v5.6.1
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Debian logo
Debian Releases
Debian Product
Codename
libpod
bookworm
no-dsa
bullseye
no-dsa
podman
forky
5.8.2+ds1-2
fixed
sid
5.8.2+ds1-2
fixed
trixie
no-dsa
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
podman
suse enterprise sap 15 SP6
4.9.5-150500.3.49.1
fixed
suse enterprise sap 15 SP7
4.9.5-150500.3.49.1
fixed
suse enterprise server 15 SP3
4.9.5-150300.9.55.1
fixed
suse enterprise server 15 SP4
4.9.5-150400.4.53.1
fixed
suse enterprise server 15 SP5
4.9.5-150500.3.49.1
fixed
suse enterprise server 15 SP6
4.9.5-150500.3.49.1
fixed
suse enterprise server 15 SP7
4.9.5-150500.3.49.1
fixed
podman-docker
suse enterprise sap 15 SP6
4.9.5-150500.3.49.1
fixed
suse enterprise sap 15 SP7
4.9.5-150500.3.49.1
fixed
suse enterprise server 15 SP4
4.9.5-150400.4.53.1
fixed
suse enterprise server 15 SP5
4.9.5-150500.3.49.1
fixed
suse enterprise server 15 SP6
4.9.5-150500.3.49.1
fixed
suse enterprise server 15 SP7
4.9.5-150500.3.49.1
fixed
podman-remote
suse enterprise sap 15 SP6
4.9.5-150500.3.49.1
fixed
suse enterprise sap 15 SP7
4.9.5-150500.3.49.1
fixed
suse enterprise server 15 SP3
4.9.5-150300.9.55.1
fixed
suse enterprise server 15 SP4
4.9.5-150400.4.53.1
fixed
suse enterprise server 15 SP5
4.9.5-150500.3.49.1
fixed
suse enterprise server 15 SP6
4.9.5-150500.3.49.1
fixed
suse enterprise server 15 SP7
4.9.5-150500.3.49.1
fixed
podmansh
suse enterprise sap 15 SP6
4.9.5-150500.3.49.1
fixed
suse enterprise sap 15 SP7
4.9.5-150500.3.49.1
fixed
suse enterprise server 15 SP5
4.9.5-150500.3.49.1
fixed
suse enterprise server 15 SP6
4.9.5-150500.3.49.1
fixed
suse enterprise server 15 SP7
4.9.5-150500.3.49.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
podman
RHEL 9
6:5.8.0-1.el9
fixed
podman-docker
RHEL 9
6:5.8.0-1.el9
fixed
podman-plugins
RHEL 9
6:5.8.0-1.el9
fixed
podman-remote
RHEL 9
6:5.8.0-1.el9
fixed
podman-tests
RHEL 9
6:5.8.0-1.el9
fixed
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHBA-2025:15692
https://access.redhat.com/errata/RHBA-2025:15712
https://access.redhat.com/errata/RHBA-2025:16158
https://access.redhat.com/errata/RHBA-2025:16163
https://access.redhat.com/errata/RHEA-2025:4782
https://access.redhat.com/errata/RHSA-2025:15900
https://access.redhat.com/errata/RHSA-2025:15901
https://access.redhat.com/errata/RHSA-2025:15904
https://access.redhat.com/errata/RHSA-2025:16480
https://access.redhat.com/errata/RHSA-2025:16481
https://access.redhat.com/errata/RHSA-2025:16482
https://access.redhat.com/errata/RHSA-2025:16488
https://access.redhat.com/errata/RHSA-2025:16515
https://access.redhat.com/errata/RHSA-2025:16724
https://access.redhat.com/errata/RHSA-2025:17669
https://access.redhat.com/errata/RHSA-2025:18217
https://access.redhat.com/errata/RHSA-2025:18218
https://access.redhat.com/errata/RHSA-2025:18240
https://access.redhat.com/errata/RHSA-2025:19002
https://access.redhat.com/errata/RHSA-2025:19041
https://access.redhat.com/errata/RHSA-2025:19046
https://access.redhat.com/errata/RHSA-2025:19094
https://access.redhat.com/errata/RHSA-2025:19894
https://access.redhat.com/errata/RHSA-2025:20909
https://access.redhat.com/errata/RHSA-2025:20983
https://access.redhat.com/errata/RHSA-2026:18289
https://access.redhat.com/errata/RHSA-2026:18722
https://access.redhat.com/errata/RHSA-2026:8211
https://access.redhat.com/security/cve/CVE-2025-9566
https://bugzilla.redhat.com/show_bug.cgi?id=2393152
https://github.com/containers/podman/commit/43fbde4e665fe6cee6921868f04b7ccd3de5ad89
https://github.com/containers/podman/security/advisories/GHSA-wp3j-xq48-xpjw