Man In The Middle Vulnerability in Podman by Red Hat
CVE-2025-6032
8.3 HIGH
Key Information:
- Vendor
- CVE Published: 24 June 2025
What is CVE-2025-6032?
A security flaw has been identified in Podman: the 'podman machine init' command does not properly verify the TLS certificate when retrieving virtual machine images from an OCI registry. This insufficient validation could allow an adversary to mount a man-in-the-middle attack, intercepting and altering the communication between the user and the registry.

CVSS V3.1
Score: 8.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
This issue was discovered by Paul Holzinger (Red Hat Inc.).
