8.1

CVE-2025-9566

Podman: podman kube play command may overwrite host files

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file.

Binary-Affected: podman
Upstream-version-introduced: v4.0.0
Upstream-version-fixed: v5.6.1
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://github.com/containers/podman
Paket podman
Default Statusunaffected
Version 4.0.0
Version < 5.6.1
Status affected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 10
Default Statusaffected
Version 6:5.4.0-13.el10_0
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 10
Default Statusaffected
Version 7:5.6.0-5.el10_1
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 10
Default Statusaffected
Version 7:5.8.0-2.el10
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8
Default Statusaffected
Version 8100020250911075811.afee755d
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Default Statusaffected
Version 8060020250919150821.3b538bd8
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Telecommunications Update Service
Default Statusaffected
Version 8060020250919150821.3b538bd8
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
Default Statusaffected
Version 8060020250919150821.3b538bd8
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.8 Telecommunications Update Service
Default Statusaffected
Version 8080020250919060528.0f77c1b7
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
Default Statusaffected
Version 8080020250919060528.0f77c1b7
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9
Default Statusaffected
Version 5:5.4.0-13.el9_6
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9
Default Statusaffected
Version 6:5.6.0-6.el9_7
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9
Default Statusaffected
Version 6:5.8.0-1.el9
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Default Statusaffected
Version 2:4.2.0-6.el9_0.5
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
Default Statusaffected
Version 2:4.4.1-22.el9_2.4
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.4 Extended Update Support
Default Statusaffected
Version 4:4.9.4-18.el9_4.3
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.12
Default Statusaffected
Version 0:4.18.0-372.164.1.el8_6
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.12
Default Statusaffected
Version 0:4.18.0-372.164.1.rt7.325.el8_6
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.12
Default Statusaffected
Version 3:4.2.0-15.rhaos4.12.el9
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.12
Default Statusaffected
Version 412.86.202510291903-0
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.13
Default Statusaffected
Version 413.92.202510150118-0
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.14
Default Statusaffected
Version 0:5.14.0-284.138.1.el9_2
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.14
Default Statusaffected
Version 0:5.14.0-284.138.1.rt14.423.el9_2
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.14
Default Statusaffected
Version 3:4.4.1-23.rhaos4.14.el8
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.14
Default Statusaffected
Version 414.92.202510211419-0
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.15
Default Statusaffected
Version 0:5.14.0-284.138.1.el9_2
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.15
Default Statusaffected
Version 0:5.14.0-284.138.1.rt14.423.el9_2
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.15
Default Statusaffected
Version 3:4.4.1-35.rhaos4.15.el8
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.16
Default Statusaffected
Version 4:2.237.0-2.rhaos4.16.el9
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.16
Default Statusaffected
Version 0:4.16.0-202509111927.p2.gf3d9123.assembly.stream.el8
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.16
Default Statusaffected
Version 4:4.9.4-16.rhaos4.16.el8
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.17
Default Statusaffected
Version 417.94.202510112152-0
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.18
Default Statusaffected
Version 4:2.237.0-1.rhaos4.18.el9
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.18
Default Statusaffected
Version 0:1.31.12-3.rhaos4.18.gitdc59c78.el8
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.18
Default Statusaffected
Version 0:5.14.0-427.87.1.el9_4
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.18
Default Statusaffected
Version 0:4.18.0-202509090932.p2.ga4cad44.assembly.stream.el8
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.18
Default Statusaffected
Version 0:4.18.0-202509011551.p2.g018e43a.assembly.stream.el8
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.18
Default Statusaffected
Version 5:5.2.2-11.rhaos4.18.el9
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.18
Default Statusaffected
Version 418.94.202510230424-0
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.19
Default Statusaffected
Version 4:2.237.0-1.rhaos4.19.el9
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.19
Default Statusaffected
Version 0:1.32.8-3.rhaos4.19.git60d4e21.el9
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.19
Default Statusaffected
Version 0:4.19.0-202509070341.p2.gb5229e8.assembly.stream.el9
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.19
Default Statusaffected
Version 5:5.4.0-7.rhaos4.19.el9
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.19
Default Statusaffected
Version 4.19.9.6.202510140714-0
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.20
Default Statusaffected
Version 5:5.4.0-12.rhaos4.20.el9
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.20
Default Statusaffected
Version 4.20.9.6.202510220229-0
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Hardened Images
Default Statusaffected
Version 5.8.2-1.hum1
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Dev Spaces (RHOSDS) 3.24
Default Statusaffected
Version 3.24-1760921292
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Dev Spaces (RHOSDS) 3.24
Default Statusaffected
Version 3.24-1761160160
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4
Default Statusaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.01% 0.585
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://access.redhat.com/security/cve/CVE-2025-9566
https://bugzilla.redhat.com/show_bug.cgi?id=2393152
https://access.redhat.com/errata/RHSA-2025:15900
https://access.redhat.com/errata/RHSA-2025:15901
https://access.redhat.com/errata/RHSA-2025:15904
https://access.redhat.com/errata/RHSA-2025:16480
https://access.redhat.com/errata/RHSA-2025:16482
https://access.redhat.com/errata/RHSA-2025:16481
https://access.redhat.com/errata/RHSA-2025:16488
https://access.redhat.com/errata/RHSA-2025:16515
https://access.redhat.com/errata/RHSA-2025:16724
https://access.redhat.com/errata/RHSA-2025:17669
https://access.redhat.com/errata/RHSA-2025:18218
https://access.redhat.com/errata/RHSA-2025:18217
https://access.redhat.com/errata/RHSA-2025:19094
https://access.redhat.com/errata/RHSA-2025:18240
https://access.redhat.com/errata/RHSA-2025:19046
https://access.redhat.com/errata/RHSA-2025:19041
https://access.redhat.com/errata/RHSA-2025:19002
https://access.redhat.com/errata/RHSA-2025:20909
https://access.redhat.com/errata/RHSA-2025:20983
https://access.redhat.com/errata/RHSA-2025:19894
https://access.redhat.com/errata/RHBA-2025:16158
https://access.redhat.com/errata/RHBA-2025:15692
https://access.redhat.com/errata/RHBA-2025:15712
https://access.redhat.com/errata/RHEA-2025:4782
https://access.redhat.com/errata/RHBA-2025:16163
https://github.com/containers/podman/commit/43fbde4e665fe6cee6921868f04b7ccd3de5ad89
https://github.com/containers/podman/security/advisories/GHSA-wp3j-xq48-xpjw
https://access.redhat.com/errata/RHSA-2026:8211
https://access.redhat.com/errata/RHSA-2026:18289
https://access.redhat.com/errata/RHSA-2026:18722