CVE-2025-6032

{"id": "CVE-2025-6032", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.6}]}, "published": "2025-06-24T14:15:30.703", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:9726", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:9751", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:9766", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-6032", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372501", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack."}, {"lang": "es", "value": "Se detect\u00f3 una falla en Podman. El comando podman machine init no verifica el certificado TLS al descargar im\u00e1genes de m\u00e1quinas virtuales desde un registro OCI. Este problema provoca un ataque de intermediario (Man in the Middle)."}], "lastModified": "2025-07-02T08:15:57.507", "sourceIdentifier": "secalert@redhat.com"}