CVE-2025-9566 - Vulnerability Details

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file. Binary-Affected: podman Upstream-version-introduced: v4.0.0 Upstream-version-fixed: v5.6.1

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Enterprise Linux Openshift Openshift Devspaces Rhel Aus Rhel E4s Rhel Eus Rhel Tus

No data.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2025:15900
https://access.redhat.com/errata/RHSA-2025:15901
https://access.redhat.com/errata/RHSA-2025:15904
https://access.redhat.com/errata/RHSA-2025:16480
https://access.redhat.com/errata/RHSA-2025:16481
https://access.redhat.com/errata/RHSA-2025:16482
https://access.redhat.com/errata/RHSA-2025:16488
https://access.redhat.com/errata/RHSA-2025:16515
https://access.redhat.com/errata/RHSA-2025:18217
https://access.redhat.com/errata/RHSA-2025:18218
https://access.redhat.com/errata/RHSA-2025:18240
https://access.redhat.com/errata/RHSA-2025:19094
https://access.redhat.com/security/cve/CVE-2025-9566
https://bugzilla.redhat.com/show_bug.cgi?id=2393152
https://nvd.nist.gov/vuln/detail/CVE-2025-9566
https://www.cve.org/CVERecord?id=CVE-2025-9566

History

Fri, 24 Oct 2025 00:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.13::el9
References		https://access.redhat.com/errata/RHSA-2025:18240

Thu, 23 Oct 2025 20:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift_devspaces:3.24::el9
References		https://access.redhat.com/errata/RHSA-2025:19094

Wed, 22 Oct 2025 06:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.19::el9
References		https://access.redhat.com/errata/RHSA-2025:18217

Wed, 22 Oct 2025 05:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.17::el9
References		https://access.redhat.com/errata/RHSA-2025:18218

Wed, 08 Oct 2025 14:15:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:rhivos:1~~
Vendors & Products	Redhat rhivos

Mon, 06 Oct 2025 14:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhivos
CPEs		cpe:/o:redhat:rhivos:1
Vendors & Products		Redhat rhivos

Tue, 23 Sep 2025 22:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/a:redhat:rhel_tus:8.8::appstream
References		https://access.redhat.com/errata/RHSA-2025:16488 https://access.redhat.com/errata/RHSA-2025:16515

Tue, 23 Sep 2025 16:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_eus:9.4::appstream
Vendors & Products		Redhat rhel Eus
References		https://access.redhat.com/errata/RHSA-2025:16481

Tue, 23 Sep 2025 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus Redhat rhel Tus
CPEs		cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream
Vendors & Products		Redhat rhel Aus Redhat rhel Tus
References		https://access.redhat.com/errata/RHSA-2025:16482

Tue, 23 Sep 2025 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel E4s
CPEs		cpe:/a:redhat:rhel_e4s:9.0::appstream
Vendors & Products		Redhat rhel E4s
References		https://access.redhat.com/errata/RHSA-2025:16480

Tue, 16 Sep 2025 12:15:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:8~~	cpe:/a:redhat:enterprise_linux:8::appstream
References		https://access.redhat.com/errata/RHSA-2025:15904

Tue, 16 Sep 2025 06:00:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:9~~	cpe:/a:redhat:enterprise_linux:9::appstream
References		https://access.redhat.com/errata/RHSA-2025:15900

Tue, 16 Sep 2025 02:45:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:10~~	cpe:/o:redhat:enterprise_linux:10.0
References		https://access.redhat.com/errata/RHSA-2025:15901

Fri, 05 Sep 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 05 Sep 2025 20:15:00 +0000

Type	Values Removed	Values Added
Description	No description is available for this CVE.	There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file. Binary-Affected: podman Upstream-version-introduced: v4.0.0 Upstream-version-fixed: v5.6.1
Title	podman: Podman kube play command may overwrite host files	Podman: podman kube play command may overwrite host files
First Time appeared		Redhat Redhat enterprise Linux Redhat openshift Redhat openshift Devspaces
CPEs		cpe:/a:redhat:openshift:4 cpe:/a:redhat:openshift_devspaces:3: cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux Redhat openshift Redhat openshift Devspaces
References		https://access.redhat.com/security/cve/CVE-2025-9566 https://bugzilla.redhat.com/show_bug.cgi?id=2393152

Fri, 05 Sep 2025 00:15:00 +0000

Type	Values Removed	Values Added
Description		No description is available for this CVE.
Title		podman: Podman kube play command may overwrite host files
Weaknesses		CWE-22
References		https://nvd.nist.gov/vuln/detail/CVE-2025-9566 https://www.cve.org/CVERecord?id=CVE-2025-9566
Metrics	threat_severity `None`	cvssV3_1 `{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H'}` threat_severity `Important`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-09-05T19:54:30.503Z

Updated: 2025-10-23T23:47:08.193Z

Reserved: 2025-08-27T22:17:43.489Z

Link: CVE-2025-9566

Vulnrichment

Updated: 2025-09-05T20:16:41.981Z

NVD

Status : Awaiting Analysis

Published: 2025-09-05T20:15:36.727

Modified: 2025-10-24T00:15:49.483

Link: CVE-2025-9566

Redhat

Severity : Important

Publid Date: 2025-09-04T00:00:00Z

Links: CVE-2025-9566 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object