CVE-2025-6032

A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.

CVSS v3 8.3 HIGH

8.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.6 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2025:10295
https://access.redhat.com/errata/RHSA-2025:10549
https://access.redhat.com/errata/RHSA-2025:10550
https://access.redhat.com/errata/RHSA-2025:10551
https://access.redhat.com/errata/RHSA-2025:10668
https://access.redhat.com/errata/RHSA-2025:11359
https://access.redhat.com/errata/RHSA-2025:11363
https://access.redhat.com/errata/RHSA-2025:11677
https://access.redhat.com/errata/RHSA-2025:11681
https://access.redhat.com/errata/RHSA-2025:15397
https://access.redhat.com/errata/RHSA-2025:9726
https://access.redhat.com/errata/RHSA-2025:9751
https://access.redhat.com/errata/RHSA-2025:9766
https://access.redhat.com/security/cve/CVE-2025-6032
https://bugzilla.redhat.com/show_bug.cgi?id=2372501
https://github.com/containers/podman/commit/726b506acc8a00d99f1a3a1357ecf619a1f798c3
https://github.com/containers/podman/security/advisories/GHSA-65gg-3w2w-hr4h

Configurations

No configuration.

History

29 Nov 2025, 01:16

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:11359 -

10 Nov 2025, 14:15

Type	Values Removed	Values Added
References		() https://github.com/containers/podman/commit/726b506acc8a00d99f1a3a1357ecf619a1f798c3 - () https://github.com/containers/podman/security/advisories/GHSA-65gg-3w2w-hr4h -

Information

Published : 2025-06-24 14:15

Updated : 2025-11-29 01:16

NVD link : CVE-2025-6032

Mitre link : CVE-2025-6032

CVE.ORG link : CVE-2025-6032

JSON object : View

Products Affected

No product.

CWE

CWE-295

Improper Certificate Validation

{"id": "CVE-2025-6032", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.6}]}, "published": "2025-06-24T14:15:30.703", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:10295", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:10549", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:10550", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:10551", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:10668", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:11359", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:11363", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:11677", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:11681", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:15397", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:9726", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:9751", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:9766", "source": "[email protected]"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-6032", "source": "[email protected]"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372501", "source": "[email protected]"}, {"url": "https://github.com/containers/podman/commit/726b506acc8a00d99f1a3a1357ecf619a1f798c3", "source": "[email protected]"}, {"url": "https://github.com/containers/podman/security/advisories/GHSA-65gg-3w2w-hr4h", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack."}, {"lang": "es", "value": "Se detect\u00f3 una falla en Podman. El comando podman machine init no verifica el certificado TLS al descargar im\u00e1genes de m\u00e1quinas virtuales desde un registro OCI. Este problema provoca un ataque de intermediario (Man in the Middle)."}], "lastModified": "2025-11-29T01:16:03.480", "sourceIdentifier": "[email protected]"}