There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file.

Binary-Affected: podman
Upstream-version-introduced: v4.0.0
Upstream-version-fixed: v5.6.1
Fixes

Solution

No solution given by the vendor.


Workaround

Red Hat advises to not run the podman kube play command with untrusted Kubernetes YAML file as input, additionally review the Kubernetes YAML file before running it through podman may help to catch maliciously crafted secretes or volumes that may be used to exploit this vulnerability.

History

Tue, 23 Sep 2025 22:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_e4s:8.8::appstream
cpe:/a:redhat:rhel_e4s:9.2::appstream
cpe:/a:redhat:rhel_tus:8.8::appstream
References

Tue, 23 Sep 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.4::appstream
Vendors & Products Redhat rhel Eus
References

Tue, 23 Sep 2025 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.6::appstream
cpe:/a:redhat:rhel_e4s:8.6::appstream
cpe:/a:redhat:rhel_tus:8.6::appstream
Vendors & Products Redhat rhel Aus
Redhat rhel Tus
References

Tue, 23 Sep 2025 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
CPEs cpe:/a:redhat:rhel_e4s:9.0::appstream
Vendors & Products Redhat rhel E4s
References

Tue, 16 Sep 2025 12:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:8::appstream
References

Tue, 16 Sep 2025 06:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:9 cpe:/a:redhat:enterprise_linux:9::appstream
References

Tue, 16 Sep 2025 02:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:10.0
References

Fri, 05 Sep 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 05 Sep 2025 20:15:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file. Binary-Affected: podman Upstream-version-introduced: v4.0.0 Upstream-version-fixed: v5.6.1
Title podman: Podman kube play command may overwrite host files Podman: podman kube play command may overwrite host files
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Redhat openshift Devspaces
CPEs cpe:/a:redhat:openshift:4
cpe:/a:redhat:openshift_devspaces:3:
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
Redhat openshift Devspaces
References

Fri, 05 Sep 2025 00:15:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title podman: Podman kube play command may overwrite host files
Weaknesses CWE-22
References
Metrics threat_severity

None

cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H'}

threat_severity

Important


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-25T18:55:45.889Z

Reserved: 2025-08-27T22:17:43.489Z

Link: CVE-2025-9566

cve-icon Vulnrichment

Updated: 2025-09-05T20:16:41.981Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-09-05T20:15:36.727

Modified: 2025-09-23T22:15:34.537

Link: CVE-2025-9566

cve-icon Redhat

Severity : Important

Publid Date: 2025-09-04T00:00:00Z

Links: CVE-2025-9566 - Bugzilla

cve-icon OpenCVE Enrichment

No data.