DEBIAN-CVE-2025-9566
- Source
- https://security-tracker.debian.org/tracker/CVE-2025-9566
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-9566.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-9566
- Upstream
- Published
- 2025-09-05T20:15:36Z
- Modified
- 2025-10-10T19:31:21.019469Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file. Binary-Affected: podman Upstream-version-introduced: v4.0.0 Upstream-version-fixed: v5.6.1
- References
Affected packages
Debian:11 / libpod
Package
- Name
- libpod
- Purl
- pkg:deb/debian/libpod?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.0.1+dfsg1-3
3.0.1+dfsg1-3+deb11u1
3.0.1+dfsg1-3+deb11u2
3.0.1+dfsg1-3+deb11u3
3.0.1+dfsg1-3+deb11u4
3.0.1+dfsg1-3+deb11u5
3.1.0+ds1-1
3.1.2+ds1-1
3.2.0+ds5-1
3.2.0+ds5-2
3.2.1+ds1-1
3.2.1+ds1-2
3.2.2+ds1-1
3.2.3+ds1-1
3.3.0+ds2-1
3.3.0+ds2-2
3.3.1+ds2-1
3.4.0+ds1-1
3.4.1+ds1-1
3.4.1+ds1-2
3.4.2+ds1-1
3.4.3+ds1-1
3.4.4+ds1-1
3.4.6+ds1-1
3.4.7+ds1-1
3.4.7+ds1-2
3.4.7+ds1-3
4.*
4.0.0~rc5+ds1-1
4.0.1+ds1-1
4.0.1+ds1-2
4.0.1+ds1-3
4.0.3+ds1-1
4.1.0+ds2-1
4.1.0+ds2-2
4.1.1+ds1-1
4.1.1+ds1-2
4.2.0+ds1-1
4.2.0+ds1-2
4.2.0+ds1-3
4.3.1+ds1-1
4.3.1+ds1-2
4.3.1+ds1-3
4.3.1+ds1-4
4.3.1+ds1-5
4.3.1+ds1-6
4.3.1+ds1-7
4.3.1+ds1-8
4.4.0+ds1-1
4.5.0+ds2-1
4.5.1+ds1-1
4.5.1+ds1-2
4.6.2+ds1-1
4.6.2+ds1-2
4.6.2+ds1-3
4.6.2+ds1-4
4.7.1+ds4-1
4.7.1+ds4-2
4.7.1+ds4-3
4.7.1+ds4-4
4.7.1+ds4-5
4.7.2+ds1-1
4.7.2+ds1-2
4.8.3+ds1-1
4.8.3+ds1-2
4.9.0+ds1-1
4.9.0+ds1-2
4.9.2+ds1-1
4.9.2+ds1-2
4.9.3+ds1-1
4.9.4+ds1-1
4.9.5+ds1-1
5.*
5.0.0+ds1-1
5.0.2+ds1-1
5.0.2+ds1-2
5.0.2+ds1-3
5.0.3+ds1-1
5.0.3+ds1-2
5.0.3+ds1-3
5.0.3+ds1-4
5.0.3+ds1-5
5.2.0+ds1-1
5.2.0+ds1-2
5.2.0+ds1-3
5.2.0+ds1-4
5.2.0+ds1-5
5.2.1+ds1-1
5.2.1+ds1-2
5.2.1+ds1-3
5.2.1+ds1-4
5.2.2+ds1-1
5.2.2+ds1-2
Debian:12 / libpod
Package
- Name
- libpod
- Purl
- pkg:deb/debian/libpod?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
4.*
4.3.1+ds1-8
4.3.1+ds1-8+deb12u1
4.4.0+ds1-1
4.5.0+ds2-1
4.5.1+ds1-1
4.5.1+ds1-2
4.6.2+ds1-1
4.6.2+ds1-2
4.6.2+ds1-3
4.6.2+ds1-4
4.7.1+ds4-1
4.7.1+ds4-2
4.7.1+ds4-3
4.7.1+ds4-4
4.7.1+ds4-5
4.7.2+ds1-1
4.7.2+ds1-2
4.8.3+ds1-1
4.8.3+ds1-2
4.9.0+ds1-1
4.9.0+ds1-2
4.9.2+ds1-1
4.9.2+ds1-2
4.9.3+ds1-1
4.9.4+ds1-1
4.9.5+ds1-1
5.*
5.0.0+ds1-1
5.0.2+ds1-1
5.0.2+ds1-2
5.0.2+ds1-3
5.0.3+ds1-1
5.0.3+ds1-2
5.0.3+ds1-3
5.0.3+ds1-4
5.0.3+ds1-5
5.2.0+ds1-1
5.2.0+ds1-2
5.2.0+ds1-3
5.2.0+ds1-4
5.2.0+ds1-5
5.2.1+ds1-1
5.2.1+ds1-2
5.2.1+ds1-3
5.2.1+ds1-4
5.2.2+ds1-1
5.2.2+ds1-2
Debian:13 / podman
Package
- Name
- podman
- Purl
- pkg:deb/debian/podman?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:14 / podman
Package
- Name
- podman
- Purl
- pkg:deb/debian/podman?arch=source