Data Exposure Vulnerability in Podman by Red Hat
CVE-2025-4953

7.4HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; Red Hat Openshift Container Platform 4
Vendor: CVE Published:; 16 September 2025

What is CVE-2025-4953?

A vulnerability in Podman allows data written during the build process with RUN --mount=type=bind to remain accessible in the host's temporary build context directory. This can inadvertently expose sensitive files created within the container to the host, leading to potential security risks. Proper handling and cleanup of files are necessary to mitigate this risk.

References

https://access.redhat.com/security/cve/CVE-2025-4953

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2367235

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2025
Vulnerability Reserved
May 19, 2025