There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file.

Binary-Affected: podman
Upstream-version-introduced: v4.0.0
Upstream-version-fixed: v5.6.1
History

Fri, 05 Sep 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 05 Sep 2025 20:15:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file. Binary-Affected: podman Upstream-version-introduced: v4.0.0 Upstream-version-fixed: v5.6.1
Title podman: Podman kube play command may overwrite host files Podman: podman kube play command may overwrite host files
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Redhat openshift Devspaces
CPEs cpe:/a:redhat:openshift:4
cpe:/a:redhat:openshift_devspaces:3:
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
Redhat openshift Devspaces
References

Fri, 05 Sep 2025 00:15:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title podman: Podman kube play command may overwrite host files
Weaknesses CWE-22
References
Metrics threat_severity

None

cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H'}

threat_severity

Important


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-05T20:16:46.977Z

Reserved: 2025-08-27T22:17:43.489Z

Link: CVE-2025-9566

cve-icon Vulnrichment

Updated: 2025-09-05T20:16:41.981Z

cve-icon NVD

Status : Received

Published: 2025-09-05T20:15:36.727

Modified: 2025-09-05T20:15:36.727

Link: CVE-2025-9566

cve-icon Redhat

Severity : Important

Publid Date: 2025-09-04T00:00:00Z

Links: CVE-2025-9566 - Bugzilla

cve-icon OpenCVE Enrichment

No data.