CVE-2025-9566

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file. Binary-Affected: podman Upstream-version-introduced: v4.0.0 Upstream-version-fixed: v5.6.1

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2025:15900
https://access.redhat.com/errata/RHSA-2025:15901
https://access.redhat.com/errata/RHSA-2025:15904
https://access.redhat.com/errata/RHSA-2025:16480
https://access.redhat.com/errata/RHSA-2025:16481
https://access.redhat.com/errata/RHSA-2025:16482
https://access.redhat.com/errata/RHSA-2025:16488
https://access.redhat.com/errata/RHSA-2025:16515
https://access.redhat.com/errata/RHSA-2025:18217
https://access.redhat.com/errata/RHSA-2025:18218
https://access.redhat.com/errata/RHSA-2025:18240
https://access.redhat.com/errata/RHSA-2025:19002
https://access.redhat.com/errata/RHSA-2025:19041
https://access.redhat.com/errata/RHSA-2025:19046
https://access.redhat.com/errata/RHSA-2025:19094
https://access.redhat.com/errata/RHSA-2025:19894
https://access.redhat.com/errata/RHSA-2025:20909
https://access.redhat.com/errata/RHSA-2025:20983
https://access.redhat.com/security/cve/CVE-2025-9566
https://bugzilla.redhat.com/show_bug.cgi?id=2393152

Configurations

No configuration.

History

13 Nov 2025, 10:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:19894 -

11 Nov 2025, 21:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:20983 -

11 Nov 2025, 14:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:20909 -

30 Oct 2025, 07:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:19002 -

30 Oct 2025, 06:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:19041 -

29 Oct 2025, 13:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:19046 -

24 Oct 2025, 00:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:18240 -

23 Oct 2025, 21:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:19094 -

22 Oct 2025, 07:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:18217 -

22 Oct 2025, 06:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:18218 -

23 Sep 2025, 22:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:16488 - () https://access.redhat.com/errata/RHSA-2025:16515 -

23 Sep 2025, 17:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:16481 -

23 Sep 2025, 16:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:16482 -

23 Sep 2025, 14:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:16480 -

16 Sep 2025, 12:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:15900 - () https://access.redhat.com/errata/RHSA-2025:15901 - () https://access.redhat.com/errata/RHSA-2025:15904 -

05 Sep 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-09-05 20:15

Updated : 2025-11-13 10:15

NVD link : CVE-2025-9566

Mitre link : CVE-2025-9566

CVE.ORG link : CVE-2025-9566

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

8.1 /10