Man In The Middle Vulnerability in Podman by Red Hat
CVE-2025-6032
8.3 HIGH
What is CVE-2025-6032?
A flaw was found in Podman. The 'podman machine init' command does not verify the TLS certificate presented by the OCI registry from which it downloads the virtual machine image. An attacker positioned on the network path between the user and the registry can therefore present a forged certificate, intercept the download and alter the image that Podman goes on to use for the machine (a Man In The Middle attack). The attacker must already be on path when the user runs the command, which is why the CVSS metrics below record a High attack complexity and required user interaction; no privileges on the registry or on the client host are needed.
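The following Go program is an added example that is not part of this advisory and not Podman's code; it illustrates the class of bug described above (a TLS client that accepts any certificate) next to the two behaviours a practitioner wants instead. A local httptest server with a self-signed certificate stands in for whatever endpoint the client reaches, because a client that skips verification cannot tell the genuine registry from an attacker's. The server body "vm-image-bytes", the function names RunDemo, fetch and newUntrustedRegistry, and the DemoResult fields are all constructed for this example.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// DemoResult records how each client configuration behaved against the stub server.
type DemoResult struct {
	InsecureAccepted bool   // verification disabled: the forged certificate was accepted
	StrictRejected   bool   // default verification: the handshake failed
	StrictUnknownCA  bool   // ...and the failure was an x509.UnknownAuthorityError
	PinnedAccepted   bool   // registry CA explicitly trusted: the download succeeded
	TamperedBody     string // bytes the insecure client accepted as the "image"
}

// newUntrustedRegistry is a constructed stand-in for a registry endpoint whose
// certificate does not chain to any root the client trusts. It is what an
// on-path attacker's interposed server looks like from the client side.
func newUntrustedRegistry() *httptest.Server {
	return httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// A real registry would serve an image blob; the attacker serves anything.
		_, _ = io.WriteString(w, "vm-image-bytes")
	}))
}

// fetch downloads url using the supplied TLS client configuration and returns the body.
func fetch(url string, cfg *tls.Config) (string, error) {
	tr := &http.Transport{TLSClientConfig: cfg}
	defer tr.CloseIdleConnections()
	resp, err := (&http.Client{Transport: tr}).Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	if err != nil {
		return "", err
	}
	return string(body), nil
}

// RunDemo exercises three client configurations against the untrusted server:
//  1. InsecureSkipVerify: true, the misconfiguration behind this bug class.
//  2. The default configuration, which validates against the system root store.
//  3. A configuration that trusts the registry's own CA certificate, the correct
//     way to reach a registry that uses a private CA.
func RunDemo() (DemoResult, error) {
	srv := newUntrustedRegistry()
	defer srv.Close()

	var res DemoResult

	// 1. Verification disabled: any certificate is accepted and the attacker's
	//    bytes are returned as if they were the requested image.
	body, err := fetch(srv.URL, &tls.Config{InsecureSkipVerify: true})
	res.InsecureAccepted = err == nil
	res.TamperedBody = body

	// 2. Default verification: the self-signed certificate chains to no trusted
	//    root, so the handshake fails and no body is ever read.
	_, err = fetch(srv.URL, &tls.Config{})
	res.StrictRejected = err != nil
	var unknownCA x509.UnknownAuthorityError
	res.StrictUnknownCA = errors.As(err, &unknownCA)

	// 3. Explicit trust: install the registry's CA instead of disabling checks.
	//    The genuine endpoint is reachable and every other issuer is still rejected.
	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate())
	body, err = fetch(srv.URL, &tls.Config{RootCAs: roots})
	if err != nil {
		return res, fmt.Errorf("client trusting the registry CA unexpectedly failed: %w", err)
	}
	res.PinnedAccepted = body == res.TamperedBody

	return res, nil
}

func main() {
	res, err := RunDemo()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("%+v\n", res)
}
```

The point to take from the three cases is that the remedy for a registry with a private or self-signed certificate is to add its CA to the trust store used by the client (case 3), never to turn verification off (case 1): only the first keeps the guarantee that an on-path attacker cannot substitute their own endpoint.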
CVSS V3.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Score: 8.3
Severity: HIGH
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High
Credit
This issue was discovered by Paul Holzinger (Red Hat Inc.).