CVE-2019-25067

MEDIUM

Podman Varlink 1.5.1 - Remote Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25067. PoCs published by Jeremy Brown.

AI-analyzed exploit summary: This exploit targets Podman & Varlink 1.5.1, allowing remote code execution via the ContainerRunlabel API, DoS via parsing bugs, and arbitrary file reads via directory traversal in the SearchImages API. It demonstrates multiple attack vectors including command execution, denial of service, and information leakage.

Description

A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-143949 was assigned to this vulnerability.

Exploits (1)

exploitdb · Working PoC
by Jeremy Brown · python · remote · linux
https://www.exploit-db.com/exploits/47500

Classification: Working PoC 95%
Attack Type: RCE | DoS | Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Podman & Varlink 1.5.1
No auth needed
Prerequisites: Access to Podman's remote API (TCP/UNIX socket/SSH) · Custom Docker image with malicious 'run' label for RCE
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory vdb-entry technical-description
https://vuldb.com/?id.143949
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.143949
Exploit, Third Party Advisory, VDB Entry exploit
https://www.exploit-db.com/exploits/47500

Scores

CVSS v3 6.3
EPSS 0.0232
EPSS Percentile 81.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

Status published
Products (2)
podman_project/podman 1.5.1
varlink/varlink 1.5.1
Published Jun 09, 2022
Tracked Since Feb 18, 2026