CVE-2025-9566

HIGH EPSS 58.7%
Published Sep 5, 20259mo ago · Modified Jun 17, 20262w ago
8.1 CVSS 3.1
High
Find Similar
Published Sep 5, 2025 9mo ago
Last Modified Jun 17, 2026 2w ago

Description

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file. Binary-Affected: podman Upstream-version-introduced: v4.0.0 Upstream-version-fixed: v5.6.1

CVSS Details

Base Score
8.1
Exploitability
2.8
Impact
5.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
58.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-22 Path Traversal Resource Mgmt

References 32

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.