INFSA-2025:10549: podman security update
Information about definition
Identificator: INFSA-2025:10549
Type: security
Release date: 2025-07-25 10:31:56 UTC
Information about package
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.
Vulnerabilities description
- CVE-2025-6032
A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-6032
|
no information | 8.3 | no information |
Updated packages