- Description: A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.
- Source: secalert@redhat.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 8.3
- Impact score: 6
- Exploitability score: 1.6
- Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
- Severity: HIGH
- secalert@redhat.com: CWE-295
- Hype score: Not currently trending
Podman v5.2.2 just dropped! It mostly addresses CVE-2025-6032, a TLS issue with `podman machine`, and has another smaller fix. Out to Fedora testing now, and other distros shortly! #podman #OpenSource https://t.co/csbb25cLn7
@Podman_io
24 Jun 2025
CVE-2025-6032 A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results … https://t.co/0qTGGtie30
@CVEnew
24 Jun 2025
[CVE-2025-6032: HIGH] Critical security flaw in Podman! Vulnerability allows Man In The Middle attack by not verifying TLS certificates when downloading VM images from OCI registry. #CyberSecurity#cve,CVE-2025-6032,#cybersecurity https://t.co/WraUclFMkP https://t.co/Fh8erTjwJn
@CveFindCom
24 Jun 2025
[CVE-2025-6032: HIGH] Podman machine init command in #cybersecurity flaw! Lack of TLS cert verification in image download from OCI registry leads to potential Man In The Middle attack.#cve,CVE-2025-6032,#cybersecurity https://t.co/WraUclFMkP https://t.co/VnQ79CKD8h
@CveFindCom
24 Jun 2025