CVE-2025-9566: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file. Binary-Affected: podman Upstream-version-introduced: v4.0.0 Upstream-version-fixed: v5.6.1
AI Analysis
Technical Summary
This vulnerability in podman involves improper limitation of a pathname to a restricted directory, enabling path traversal. An attacker leveraging the kube play command with a container that mounts a Secret or ConfigMap volume containing a symbolic link to a host file path can overwrite that host file. The vulnerability was introduced in podman version 4.0.0 and fixed in version 5.6.1. The overwrite is limited to file selection; the attacker cannot control the data written. Red Hat's advisories for OpenShift Container Platform 4.18.24 and 4.19.12 include updated podman packages that fix this vulnerability.
Potential Impact
Successful exploitation allows an attacker with privileges to use the kube play command to overwrite arbitrary host files via symbolic links in volume mounts. This can lead to integrity compromise of host files and potential disruption or escalation of privileges. The attacker cannot control the content written, limiting the scope of impact. There are no known exploits in the wild at this time.
Mitigation Recommendations
Red Hat has released official fixes for this vulnerability in podman versions included with OpenShift Container Platform 4.18.24 and 4.19.12. Users should upgrade to these updated packages as soon as they are available via the appropriate release channels. Instructions for upgrading clusters are provided in Red Hat's documentation. Patch status is confirmed as fixed in podman version 5.6.1 and corresponding OpenShift releases. No alternative mitigations are indicated in the vendor advisories.
CVE-2025-9566: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file. Binary-Affected: podman Upstream-version-introduced: v4.0.0 Upstream-version-fixed: v5.6.1
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in podman involves improper limitation of a pathname to a restricted directory, enabling path traversal. An attacker leveraging the kube play command with a container that mounts a Secret or ConfigMap volume containing a symbolic link to a host file path can overwrite that host file. The vulnerability was introduced in podman version 4.0.0 and fixed in version 5.6.1. The overwrite is limited to file selection; the attacker cannot control the data written. Red Hat's advisories for OpenShift Container Platform 4.18.24 and 4.19.12 include updated podman packages that fix this vulnerability.
Potential Impact
Successful exploitation allows an attacker with privileges to use the kube play command to overwrite arbitrary host files via symbolic links in volume mounts. This can lead to integrity compromise of host files and potential disruption or escalation of privileges. The attacker cannot control the content written, limiting the scope of impact. There are no known exploits in the wild at this time.
Mitigation Recommendations
Red Hat has released official fixes for this vulnerability in podman versions included with OpenShift Container Platform 4.18.24 and 4.19.12. Users should upgrade to these updated packages as soon as they are available via the appropriate release channels. Instructions for upgrading clusters are provided in Red Hat's documentation. Patch status is confirmed as fixed in podman version 5.6.1 and corresponding OpenShift releases. No alternative mitigations are indicated in the vendor advisories.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- redhat
- Date Reserved
- 2025-08-27T22:17:43.489Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 68bb425f535f4a97730e492e
Added to database: 9/5/2025, 8:04:47 PM
Last enriched: 4/22/2026, 6:19:00 AM
Last updated: 5/9/2026, 11:01:50 PM
Views: 188
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.