Binary-Affected: podman
Upstream-version-introduced: v4.0.0
Upstream-version-fixed: v5.6.1
Solution
No solution given by the vendor.
Workaround
Red Hat advises against running the podman kube play command with an untrusted Kubernetes YAML file as input. Additionally, reviewing the Kubernetes YAML file before running it through podman may help to catch maliciously crafted secrets or volumes that may be used to exploit this vulnerability.
Tue, 23 Sep 2025 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/a:redhat:rhel_tus:8.8::appstream | |
References | | |
Tue, 23 Sep 2025 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Redhat rhel Eus | |
CPEs | cpe:/a:redhat:rhel_eus:9.4::appstream | |
Vendors & Products | Redhat rhel Eus | |
References | | |
Tue, 23 Sep 2025 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Redhat rhel Aus, Redhat rhel Tus | |
CPEs | cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream | |
Vendors & Products | Redhat rhel Aus, Redhat rhel Tus | |
References | | |
Tue, 23 Sep 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Redhat rhel E4s | |
CPEs | cpe:/a:redhat:rhel_e4s:9.0::appstream | |
Vendors & Products | Redhat rhel E4s | |
References | | |
Tue, 16 Sep 2025 12:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:enterprise_linux:8::appstream | |
References | | |
Tue, 16 Sep 2025 06:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:enterprise_linux:9::appstream | |
References | | |
Tue, 16 Sep 2025 02:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/o:redhat:enterprise_linux:10.0 | |
References | | |
Fri, 05 Sep 2025 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 05 Sep 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file contains a Secret or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file. Binary-Affected: podman Upstream-version-introduced: v4.0.0 Upstream-version-fixed: v5.6.1 |
Title | podman: Podman kube play command may overwrite host files | Podman: podman kube play command may overwrite host files |
First Time appeared | Redhat, Redhat enterprise Linux, Redhat openshift, Redhat openshift Devspaces | |
CPEs | cpe:/a:redhat:openshift:4 cpe:/a:redhat:openshift_devspaces:3: cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 | |
Vendors & Products | Redhat, Redhat enterprise Linux, Redhat openshift, Redhat openshift Devspaces | |
References | | |
Fri, 05 Sep 2025 00:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | |
Title | podman: Podman kube play command may overwrite host files | |
Weaknesses | CWE-22 | |
References | | |
Metrics |
threat_severity
|
cvssV3_1
|

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2025-09-25T18:55:45.889Z
Reserved: 2025-08-27T22:17:43.489Z
Link: CVE-2025-9566

Updated: 2025-09-05T20:16:41.981Z

Status: Awaiting Analysis
Published: 2025-09-05T20:15:36.727
Modified: 2025-09-23T22:15:34.537
Link: CVE-2025-9566

