INFSA-2025:15901: podman security update
Information about definition
Identificator: INFSA-2025:15901
Type: security
Release date: 2025-09-19 16:32:53 UTC
Information about package
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.
Vulnerabilities description
- CVE-2025-9566
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-9566
|
no information | 8.1 | no information |
Updated packages
Preparing to download...