Description
A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.
Scores
CVSS v3
8.3
EPSS
0.0022
EPSS Percentile
45.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-295
Status
published
Products (16)
containers/podman
0 - 5.5.2Go
containers/podman
4.8.0Go
Red Hat/Red Hat Enterprise Linux 10
6:5.4.0-12.el10_0
Red Hat/Red Hat Enterprise Linux 8
8100020250625105344.afee755d
Red Hat/Red Hat Enterprise Linux 9
5:5.4.0-12.el9_6
Red Hat/Red Hat Enterprise Linux 9.4 Extended Update Support
4:4.9.4-18.el9_4.2
Red Hat/Red Hat OpenShift Container Platform 4
Red Hat/Red Hat OpenShift Container Platform 4.16
416.94.202507222002-0
Red Hat/Red Hat OpenShift Container Platform 4.16
4:4.9.4-16.rhaos4.16.el9
Red Hat/Red Hat OpenShift Container Platform 4.17
417.94.202507132309-0
... and 6 more
Published
Jun 24, 2025
Tracked Since
Feb 18, 2026