VYPR
High severity8.1OSV Advisory· Published Sep 5, 2025· Updated May 19, 2026

CVE-2025-9566

CVE-2025-9566

Description

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file.

Binary-Affected: podman Upstream-version-introduced: v4.0.0 Upstream-version-fixed: v5.6.1

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/containers/podman/v5Go
< 5.6.15.6.1
github.com/containers/podman/v4Go
<= 4.9.5

Affected products

79

Patches

Vulnerability mechanics

References

34

News mentions

0

No linked articles in our index yet.