CVE-2025-9566

Published Sep 5, 2025

Last updated a month ago

CVSS high 8.1
kube play

Overview

Description
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file contains a Secret or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file.
Binary-Affected: podman
Upstream-version-introduced: v4.0.0
Upstream-version-fixed: v5.6.1
Source
secalert@redhat.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.1
Impact score
5.2
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Severity
HIGH

Weaknesses

secalert@redhat.com
CWE-22

Social media

Hype score
Not currently trending
  1. CyberDudeBivash Global Vulnerability Report CVE-2025-9566 – Podman kube play Symlink Traversal Vulnerability https://t.co/TyT78l7zUf https://t.co/zqJfURrnM8

    @cyberbivash

    8 Sept 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. A high-severity flaw (CVE-2025-9566) in Podman allows malicious containers to overwrite host files via a symlink traversal attack. A patch is available in Podman v5.6.1. #Podman #ContainerSecurity #Vulnerability #Kubernetes #Cybersecurity https://t.co/bb4DsvfU46

    @the_yellow_fall

    8 Sept 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. The Podman project has published a security advisory (CVE-2025-9566). It exists in the podman kube play command, and if symbolic links are abused when mounting a ConfigMap or Secret, arbitrary files on the host get overwr

    @yousukezan

    8 Sept 2025

    615 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🗣️ Podman Patches Symlink Traversal Vulnerability in kube play Command (CVE-2025-9566) https://t.co/HKEsGyIfwC

    @fridaysecurity

    8 Sept 2025

    155 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🟧 CVE-2025-9566, CVSS: 8.1 (High) Podman version 4.0.0 to 5.6.1. The vulnerability allows attackers to overwrite host files using the kube play command with symbolic links. Attackers can control the target file to be overwritten but not the content to be written into the ht

    @UjlakiMarci

    6 Sept 2025

    1815 Impressions

    7 Retweets

    34 Likes

    3 Bookmarks

    2 Replies

    0 Quotes

  6. CVE-2025-9566 There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file contains a Secret or a ConfigMap volume m… https://t.co/pVxtJv5Rba

    @CVEnew

    6 Sept 2025

    171 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE Alert: CVE-2025-9566 - Red Hat - Red Hat Enterprise Linux 10 - https://t.co/EGPsvZKf3Y #OSINT #ThreatIntel #CyberSecurity #cve-2025-9566 #red-hat #red-hat-enterprise-linux-10

    @RedPacketSec

    5 Sept 2025

    78 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CVE-2025-9566 - Podman: podman kube play command may overwrite host files https://t.co/AM1MgTeqzL https://t.co/2k7lsdmFjP #cybersecurity #infosec #hacking

    @cypmsecnews

    5 Sept 2025

    95 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes