CVE-2025-4953
HIGHPodman - Insecure Temporary File Creation via RUN --mount=type=bind
Title source: llmDescription
A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files accessible.
References (16)
Core 16
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:8690
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:15904
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:16724
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:16729
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:17669
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:22265
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:22275
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:22695
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:22724
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:22732
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:23113
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:2703
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:0316
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2025-4953
Issue Tracking
https://github.com/containers/podman/pull/25173
Issue Tracking issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2367235
Scores
CVSS v3
7.4
EPSS
0.0003
EPSS Percentile
9.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-378
Status
published
Products (38)
containers/podman
0Go
Red Hat/Red Hat Enterprise Linux 10
Red Hat/Red Hat Enterprise Linux 8
8100020250911075811.afee755d
Red Hat/Red Hat Enterprise Linux 9
Red Hat/Red Hat OpenShift Container Platform 4
Red Hat/Red Hat OpenShift Container Platform 4.12
3:4.2.0-15.rhaos4.12.el9
Red Hat/Red Hat OpenShift Container Platform 4.12
412.86.202601061735-0
Red Hat/Red Hat OpenShift Container Platform 4.13
0:1.26.0-7.el8
Red Hat/Red Hat OpenShift Container Platform 4.13
0:1.26.5-26.rhaos4.13.giteb3d487.el8
Red Hat/Red Hat OpenShift Container Platform 4.13
0:2.15.0-10.rhaos4.13.el9
... and 28 more
Published
Sep 16, 2025
Tracked Since
Feb 18, 2026