Data Exposure Vulnerability in Podman by Red Hat
CVE-2025-4953

7.4HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Openshift Container Platform 4.12; Red Hat Openshift Container Platform 4.16; Red Hat Openshift Container Platform 4.18; Red Hat Enterprise Linux 10
Vendor: CVE Published:; 16 September 2025

🔔 Create Red Hat Vulnerability Alert

What is CVE-2025-4953?

A vulnerability in Podman allows data written during the build process with RUN --mount=type=bind to remain accessible in the host's temporary build context directory. This can inadvertently expose sensitive files created within the container to the host, leading to potential security risks. Proper handling and cleanup of files are necessary to mitigate this risk.

Affected Version(s)

Red Hat OpenShift Container Platform 4.12 3:4.2.0-15.rhaos4.12.el9

Red Hat OpenShift Container Platform 4.16 4:4.9.4-16.rhaos4.16.el8

Red Hat OpenShift Container Platform 4.18 5:5.2.2-2.rhaos4.18.el8

References

https://access.redhat.com/errata/RHSA-2025:16724

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2025:16729

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2025:17669

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2025
Vulnerability Reserved
May 19, 2025

.