Description

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file. Binary-Affected: podman Upstream-version-introduced: v4.0.0 Upstream-version-fixed: v5.6.1

INFO

Published Date :

2025-09-05T19:54:30.503Z

Last Modified :

2026-04-19T19:33:33.159Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2025-9566 vulnerability.

Vendors Products
Redhat
  • Enterprise Linux
  • Hummingbird
  • Openshift
  • Openshift Devspaces
  • Openshift Ironic
  • Rhel Aus
  • Rhel E4s
  • Rhel Eus
  • Rhel Tus
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-9566.

URL Resource
https://access.redhat.com/errata/RHBA-2025:15692 cve-icon cve-icon
https://access.redhat.com/errata/RHBA-2025:15712 cve-icon cve-icon
https://access.redhat.com/errata/RHBA-2025:16158 cve-icon cve-icon
https://access.redhat.com/errata/RHBA-2025:16163 cve-icon cve-icon
https://access.redhat.com/errata/RHEA-2025:4782 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:15900 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:15901 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:15904 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:16480 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:16481 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:16482 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:16488 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:16515 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:16724 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:17669 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:18217 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:18218 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:18240 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19002 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19041 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19046 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19094 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19894 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:20909 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:20983 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:8211 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2025-9566 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2393152 cve-icon cve-icon
https://github.com/containers/podman/commit/43fbde4e665fe6cee6921868f04b7ccd3de5ad89 cve-icon cve-icon
https://github.com/containers/podman/security/advisories/GHSA-wp3j-xq48-xpjw cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-9566 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-9566 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact