The Red Hat security advisory RHSA-2026:4533 reports fixes for three vulnerabilities affecting podman and its components. CVE-2025-52881 involves container escape and denial of service via arbitrary write gadgets and procfs write redirects in runc, a container runtime component. CVE-2025-58183 is an unbounded allocation vulnerability in the Go archive/tar package when parsing GNU sparse maps, potentially leading to resource exhaustion. CVE-2025-65637 is a denial-of-service vulnerability in the github.com/sirupsen/logrus logging library caused by processing large single-line payloads. These vulnerabilities impact container management and runtime security on affected Red Hat Enterprise Linux 9.2 systems. Red Hat has issued updated packages to remediate these issues.

The vulnerabilities collectively allow for container escape, denial of service, and resource exhaustion conditions in containerized environments managed by podman on Red Hat Enterprise Linux 9.2. Specifically, CVE-2025-52881 could allow an attacker to escape container isolation or cause denial of service via manipulation of runc. CVE-2025-58183 could lead to unbounded memory allocation causing denial of service when processing crafted tar archives. CVE-2025-65637 could cause denial of service by exploiting logrus with large payloads. These impacts affect container security and system stability.

Red Hat has released updated podman packages for Red Hat Enterprise Linux 9.2 that address these vulnerabilities. Users should apply the security update as described in Red Hat advisory RHSA-2026:4533 and the referenced article https://access.redhat.com/articles/11258 to remediate these issues. Since this is not a cloud service, remediation requires applying the vendor-provided patches. No additional mitigation steps are indicated by the vendor advisory.