Man In The Middle Vulnerability in Podman by Red Hat
CVE-2025-6032

8.3 HIGH

What is CVE-2025-6032?

A security flaw has been identified in Podman: the 'podman machine init' command does not properly verify the TLS certificate presented by the server when retrieving virtual machine images from an OCI registry. Because the certificate is not validated, an adversary positioned on the network path could mount a man-in-the-middle attack, intercepting and altering the traffic between the user and the registry, and with it the image being downloaded.
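To make the failure mode concrete, the following added example (not Podman's code; the in-process "registry" and the InsecureSkipVerify setting are constructed illustrations, not the actual cause in Podman) stands up a TLS server whose certificate is in no trust store and fetches from it with three client configurations: one that skips verification, one that trusts only the system roots, and one that trusts the server's CA explicitly. Only the first accepts the untrusted certificate, which is exactly the condition an attacker in the path relies on.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// fetchManifest performs a GET against registryURL using cfg for TLS and
// returns the handshake or HTTP error, if any.
func fetchManifest(registryURL string, cfg *tls.Config) error {
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
	resp, err := client.Get(registryURL + "/v2/")
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("unexpected status %d", resp.StatusCode)
	}
	return nil
}

// VerifyingConfig trusts only roots (the system roots when nil), so an
// unknown certificate aborts the connection before any image bytes flow.
func VerifyingConfig(roots *x509.CertPool) *tls.Config {
	return &tls.Config{RootCAs: roots, MinVersion: tls.VersionTLS12}
}

// SkippingConfig accepts any certificate: the weak setting that exposes a
// download to man-in-the-middle tampering.
func SkippingConfig() *tls.Config {
	return &tls.Config{InsecureSkipVerify: true}
}

// Demo runs the three fetches against a constructed TLS "registry" whose
// certificate is self-signed and reports whether each one succeeded.
func Demo() (skipOK, strictOK, pinnedOK bool) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	}))
	defer srv.Close()
	skipOK = fetchManifest(srv.URL, SkippingConfig()) == nil
	strictOK = fetchManifest(srv.URL, VerifyingConfig(nil)) == nil
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate()) // trust the test server's own CA cert
	pinnedOK = fetchManifest(srv.URL, VerifyingConfig(pool)) == nil
	return
}

func main() {
	s, v, p := Demo()
	fmt.Printf("skip-verify: %v  system-roots: %v  explicit-ca: %v\n", s, v, p)
}
```

The expected outcome is skip-verify true, system-roots false, explicit-ca true; a client that behaves like the first column will happily pull from whoever answers on the wire.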

Affected Version(s)

Red Hat Enterprise Linux 10 6:5.4.0-12.el10_0

Red Hat Enterprise Linux 8 8100020250625105344.afee755d

Red Hat Enterprise Linux 9 5:5.4.0-12.el9_6

CVSS v3.1

Score: 8.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability reserved

Credit

This issue was discovered by Paul Holzinger (Red Hat Inc.).