CVE-2025-4953
BaseFortify

Publication date: 2025-09-16

Last updated on: 2025-12-11

Assigner: Red Hat, Inc.

Description
A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files accessible.
Meta Information
Published: 2025-09-16
Last Modified: 2025-12-11
Generated: 2026-05-27
AI Q&A: 2025-09-16
EPSS Evaluated: 2026-05-25
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
redhat openshift_container_platform 4.18.25
redhat openshift_container_platform 4.16.49
redhat openshift_container_platform 4.12.81
redhat podman *
CWE ID Description
CWE-378 Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in Podman involves a flaw where data written to RUN --mount=type=bind mounts during a podman build is not discarded as expected. As a result, files created inside the container during the build process can appear in the temporary build context directory on the host system, making those files accessible outside the container.


How can this vulnerability impact me?

The vulnerability can lead to sensitive or unintended files created within a container during build processes being exposed on the host system. This exposure could result in unauthorized access to confidential data or leakage of sensitive information, potentially compromising system security and privacy.

