CVE-2025-9566
BaseFortify
Publication date: 2025-09-05
Last updated on: 2026-05-19
Assigner: Red Hat, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | openshift_container_platform | 4.4 |
| redhat | openshift_container_platform | 4.5 |
| redhat | openshift_container_platform | 4.14 |
| redhat | openshift_container_platform | 4.8 |
| redhat | openshift_container_platform | 4.16 |
| redhat | openshift_container_platform | 4.3 |
| redhat | openshift_container_platform | 4.19.17 |
| redhat | openshift_container_platform | 4.10 |
| redhat | openshift_container_platform | 4.2 |
| redhat | openshift_container_platform | 4.1 |
| redhat | openshift_container_platform | 4.13.61 |
| redhat | openshift_container_platform | 4.9 |
| redhat | podman | * |
| redhat | openshift_container_platform | 4.18.27 |
| redhat | openshift_container_platform | 4.17.42 |
| redhat | openshift_container_platform | 4.7 |
| redhat | openshift_container_platform | 4.15 |
| redhat | openshift_container_platform | 4.11 |
| redhat | openshift_container_platform | 4.12 |
| redhat | openshift_container_platform | 4.6 |
| redhat | openshift_container_platform | 4.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9566 is a vulnerability in Podman where an attacker can exploit the 'podman kube play' command to overwrite files on the host system. This happens when the Kubernetes YAML file used contains a ConfigMap or Secret volume mount that includes a symbolic link pointing to a host file. The attacker can control which host file is overwritten via the symlink, but cannot control the content written to that file, as the content is defined by the YAML configuration. [1]
How can this vulnerability impact me?
This vulnerability can allow an attacker with some level of access to Podman to overwrite arbitrary files on the host system, potentially leading to system instability, denial of service, or other impacts depending on which files are overwritten. Although the attacker cannot control the content written, controlling the target file path can still be leveraged to disrupt system operations or security. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves checking if your system is running a vulnerable version of Podman (versions from 4.0.0 up to but not including 5.6.1) and inspecting Kubernetes YAML files used with `podman kube play` for ConfigMap or Secret volume mounts that include symbolic links pointing to host file paths. You can check the Podman version with the command `podman --version`. To find potentially risky YAML files, you can search for volume mounts with symlinks by examining the YAML files manually or using commands like `grep -r 'volumeMounts' /path/to/kube/yaml/files` and then verifying if any volumes contain symlinks to host files using `find /path/to/volumes -type l -ls`. There is no direct network detection method described. [1]
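The checks described in the answer above can be scripted. The following is an added example, not code from BaseFortify or the Podman project; it assumes GNU coreutils, findutils and grep, and the function names and directory arguments are hypothetical. It goes slightly beyond the `find -type l` suggestion by reporting only symlinks whose resolved target lies outside the directory being inspected.

```shell
#!/usr/bin/env bash
# Added triage helpers for CVE-2025-9566 (assumes GNU sort -V and readlink -m).

# Return 0 if version $1 is in the affected range the page gives:
# 4.0.0 <= version < 5.6.1. Suffixes such as -dev or -rc1 are ignored.
podman_version_vulnerable() {
    local v="${1%%[-+]*}" low="4.0.0" fixed="5.6.1"
    [ "$v" = "$fixed" ] && return 1
    # sort -V puts the lower version of each pair first.
    [ "$(printf '%s\n' "$low" "$v" | sort -V | head -n1)" = "$low" ] &&
        [ "$(printf '%s\n' "$v" "$fixed" | sort -V | head -n1)" = "$v" ]
}

# List YAML files under $1 that declare a configMap or secret volume source,
# i.e. the manifests to review before running `podman kube play` on them.
yaml_with_configmap_or_secret_volumes() {
    grep -rlE --include='*.yaml' --include='*.yml' \
        '^[[:space:]-]*(configMap|secret):' "$1" | sort
}

# Print symlinks under directory $1 whose resolved target lies outside $1.
symlinks_escaping_dir() {
    local root link target
    root="$(readlink -f "$1")" || return 1
    find "$root" -type l -print | while IFS= read -r link; do
        target="$(readlink -m "$link")"    # resolves even if target is missing
        case "$target" in
            "$root"|"$root"/*) ;;          # stays inside the tree
            *) printf '%s -> %s\n' "$link" "$target" ;;
        esac
    done
}

# Run all three checks. $1 = manifest directory, $2 = volume content directory.
cve_2025_9566_triage() {
    local ver
    ver="$(podman --version 2>/dev/null | awk '{print $3}')"
    if podman_version_vulnerable "$ver"; then
        echo "podman $ver: in affected range (>= 4.0.0, < 5.6.1)"
    else
        echo "podman ${ver:-not found}: not in affected range"
    fi
    yaml_with_configmap_or_secret_volumes "$1"
    symlinks_escaping_dir "$2"
}
```

Call `cve_2025_9566_triage <manifest-dir> <volume-dir>` with the directories used in your environment; a manifest hit only marks a file for review and is not by itself evidence of the issue.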
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading Podman to version 5.6.1 or later, where the vulnerability is fixed. Additionally, review and avoid using Kubernetes YAML files with ConfigMap or Secret volume mounts that contain symbolic links to host file paths when using `podman kube play`. Restricting user privileges to limit the ability to run `podman kube play` commands or to create such YAML configurations can also reduce risk. [1]