Description
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file contains a Secret or a ConfigMap volume mount and that volume contains a symbolic link to a host file path. In a successful attack, the attacker can only choose which target file is overwritten, not the content that is written into it.

Binary-Affected: podman
Upstream-version-introduced: v4.0.0
Upstream-version-fixed: v5.6.1
Published: 2025-09-05
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary File Overwrite
Action: Immediate Patch
AI Analysis

Impact

The flaw permits an attacker to make podman overwrite a host file when the kube play command processes a Kubernetes YAML that mounts a Secret or ConfigMap volume containing a symbolic link to a host file path. The attacker can choose which file is overwritten but does not control the contents written into that file.

Affected Systems

Red Hat Enterprise Linux 8, 9, and 10 are affected, as are Red Hat OpenShift Container Platform versions 4.12 through 4.20, OpenShift Dev Spaces 3.24, and related enterprise services. Any environment running a podman version from v4.0.0 up to, but not including, v5.6.1 is vulnerable; the fix ships in v5.6.1 and later.

Risk and Exploitability

The CVSS score is 8.1 and the EPSS score is below 1%, indicating a low probability of exploitation at the time of analysis. The vulnerability is not listed in the CISA KEV catalog. The likely attack requires that an attacker be able to run podman kube play against an untrusted Kubernetes YAML file; this may be confined to a local user or a container‑privileged context. Proper validation of input files reduces the attack surface.

Generated by OpenCVE AI on April 20, 2026 at 16:19 UTC.

Remediation

Vendor Workaround

Red Hat advises not to run the podman kube play command with an untrusted Kubernetes YAML file as input. Additionally, reviewing the Kubernetes YAML file before running it through podman may help catch maliciously crafted secrets or volumes that could be used to exploit this vulnerability.

OpenCVE Recommended Actions

  • Update podman to version 5.6.1 or later, applying the latest Red Hat packages or errata releases that contain the fix.
  • Apply all applicable Red Hat security errata (RHSA) for the affected releases, including those cited in the vulnerability advisory.
  • Avoid running podman kube play against untrusted Kubernetes YAML files; review and validate any such files before execution to prevent malicious symbolic links.


Advisories
Source       ID                    Title
EUVD         EUVD-2025-27030       (same description as above)
GitHub GHSA  GHSA-wp3j-xq48-xpjw   podman kube play symlink traversal vulnerability
References
https://access.redhat.com/errata/RHBA-2025:15692
https://access.redhat.com/errata/RHBA-2025:15712
https://access.redhat.com/errata/RHBA-2025:16158
https://access.redhat.com/errata/RHBA-2025:16163
https://access.redhat.com/errata/RHEA-2025:4782
https://access.redhat.com/errata/RHSA-2025:15900
https://access.redhat.com/errata/RHSA-2025:15901
https://access.redhat.com/errata/RHSA-2025:15904
https://access.redhat.com/errata/RHSA-2025:16480
https://access.redhat.com/errata/RHSA-2025:16481
https://access.redhat.com/errata/RHSA-2025:16482
https://access.redhat.com/errata/RHSA-2025:16488
https://access.redhat.com/errata/RHSA-2025:16515
https://access.redhat.com/errata/RHSA-2025:16724
https://access.redhat.com/errata/RHSA-2025:17669
https://access.redhat.com/errata/RHSA-2025:18217
https://access.redhat.com/errata/RHSA-2025:18218
https://access.redhat.com/errata/RHSA-2025:18240
https://access.redhat.com/errata/RHSA-2025:19002
https://access.redhat.com/errata/RHSA-2025:19041
https://access.redhat.com/errata/RHSA-2025:19046
https://access.redhat.com/errata/RHSA-2025:19094
https://access.redhat.com/errata/RHSA-2025:19894
https://access.redhat.com/errata/RHSA-2025:20909
https://access.redhat.com/errata/RHSA-2025:20983
https://access.redhat.com/errata/RHSA-2026:8211
https://access.redhat.com/security/cve/CVE-2025-9566
https://bugzilla.redhat.com/show_bug.cgi?id=2393152
https://github.com/containers/podman/commit/43fbde4e665fe6cee6921868f04b7ccd3de5ad89
https://github.com/containers/podman/security/advisories/GHSA-wp3j-xq48-xpjw
https://nvd.nist.gov/vuln/detail/CVE-2025-9566
https://www.cve.org/CVERecord?id=CVE-2025-9566
History

Sun, 19 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
References

Mon, 13 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat hummingbird
CPEs cpe:/a:redhat:hummingbird:1
Vendors & Products Redhat hummingbird

Thu, 19 Mar 2026 17:45:00 +0000


Mon, 16 Feb 2026 13:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.14::el8
References

Mon, 16 Feb 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Ironic
CPEs cpe:/a:redhat:openshift:4.12::el9
cpe:/a:redhat:openshift:4.18::el8
cpe:/a:redhat:openshift:4.20::el8
cpe:/a:redhat:openshift_ironic:4.20::el9
Vendors & Products Redhat openshift Ironic
References

Mon, 09 Feb 2026 19:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.16::el8
cpe:/a:redhat:openshift:4.16::el9
References

Mon, 09 Feb 2026 15:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.15::el8
cpe:/a:redhat:openshift:4.15::el9
References

Wed, 21 Jan 2026 22:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift_devspaces:3:

Thu, 13 Nov 2025 10:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.12::el8
References

Tue, 11 Nov 2025 20:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10.1
References

Tue, 11 Nov 2025 14:15:00 +0000

Type Values Removed Values Added
References

Thu, 30 Oct 2025 07:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.20::el9
References

Thu, 30 Oct 2025 06:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.14::el9
References

Wed, 29 Oct 2025 12:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.18::el9
References

Fri, 24 Oct 2025 00:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.13::el9
References

Thu, 23 Oct 2025 20:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift_devspaces:3.24::el9
References

Wed, 22 Oct 2025 06:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.19::el9
References

Wed, 22 Oct 2025 05:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.17::el9
References

Wed, 08 Oct 2025 14:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:rhivos:1
Vendors & Products Redhat rhivos

Mon, 06 Oct 2025 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhivos
CPEs cpe:/o:redhat:rhivos:1
Vendors & Products Redhat rhivos

Tue, 23 Sep 2025 22:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_e4s:8.8::appstream
cpe:/a:redhat:rhel_e4s:9.2::appstream
cpe:/a:redhat:rhel_tus:8.8::appstream
References

Tue, 23 Sep 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.4::appstream
Vendors & Products Redhat rhel Eus
References

Tue, 23 Sep 2025 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.6::appstream
cpe:/a:redhat:rhel_e4s:8.6::appstream
cpe:/a:redhat:rhel_tus:8.6::appstream
Vendors & Products Redhat rhel Aus
Redhat rhel Tus
References

Tue, 23 Sep 2025 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
CPEs cpe:/a:redhat:rhel_e4s:9.0::appstream
Vendors & Products Redhat rhel E4s
References

Tue, 16 Sep 2025 12:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:8::appstream
References

Tue, 16 Sep 2025 06:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:9 cpe:/a:redhat:enterprise_linux:9::appstream
References

Tue, 16 Sep 2025 02:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:10.0
References

Fri, 05 Sep 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 05 Sep 2025 20:15:00 +0000

Type Values Removed Values Added
Description: removed "No description is available for this CVE."; added "There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file. Binary-Affected: podman Upstream-version-introduced: v4.0.0 Upstream-version-fixed: v5.6.1"
Title: removed "podman: Podman kube play command may overwrite host files"; added "Podman: podman kube play command may overwrite host files"
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Redhat openshift Devspaces
CPEs cpe:/a:redhat:openshift:4
cpe:/a:redhat:openshift_devspaces:3:
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
Redhat openshift Devspaces
References

Fri, 05 Sep 2025 00:15:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title podman: Podman kube play command may overwrite host files
Weaknesses CWE-22
References
Metrics threat_severity

None

cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H'}

threat_severity

Important


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-19T19:33:33.159Z

Reserved: 2025-08-27T22:17:43.489Z

Link: CVE-2025-9566

Vulnrichment

Updated: 2025-09-05T20:16:41.981Z

NVD

Status : Deferred

Published: 2025-09-05T20:15:36.727

Modified: 2026-04-19T20:16:23.020

Link: CVE-2025-9566

Redhat

Severity : Important

Public Date: 2025-09-04T00:00:00Z

Links: CVE-2025-9566 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-20T16:30:06Z

Weaknesses