Nixpkgs Security Tracker

Permalink CVE-2025-4953

7.4 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): NONE

updated 1 month ago by @LeSuisse Activity log

Created automatic suggestion 6 months, 1 week ago
@LeSuisse removed
7 packages
- podman-tui
- podman-bootc
- podman-compose
- podman-desktop
- nomad-driver-podman
- python312Packages.podman
- python313Packages.podman
4 months, 4 weeks ago
@LeSuisse accepted 4 months, 4 weeks ago
@LeSuisse removed
2 maintainers
- @saschagrunert
- @vdemeester
1 month ago
@LeSuisse published on GitHub 1 month ago

Podman: build context bind mount

A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files accessible.

References

https://access.redhat.com/security/cve/CVE-2025-4953 x_refsource_REDHAT vdb-entry
RHBZ#2367235 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-4953 x_refsource_REDHAT vdb-entry
RHBZ#2367235 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-4953 x_refsource_REDHAT vdb-entry
RHBZ#2367235 issue-tracking x_refsource_REDHAT
RHSA-2025:16724 vendor-advisory x_refsource_REDHAT
RHSA-2025:16729 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-4953 x_refsource_REDHAT vdb-entry
RHBZ#2367235 issue-tracking x_refsource_REDHAT
RHSA-2025:16724 vendor-advisory x_refsource_REDHAT
RHSA-2025:16729 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-4953 x_refsource_REDHAT vdb-entry
RHBZ#2367235 issue-tracking x_refsource_REDHAT
RHSA-2025:16724 vendor-advisory x_refsource_REDHAT
RHSA-2025:16729 vendor-advisory x_refsource_REDHAT
RHSA-2025:17669 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-4953 x_refsource_REDHAT vdb-entry
RHBZ#2367235 issue-tracking x_refsource_REDHAT
RHSA-2025:16724 vendor-advisory x_refsource_REDHAT
RHSA-2025:16729 vendor-advisory x_refsource_REDHAT
RHSA-2025:17669 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-4953 x_refsource_REDHAT vdb-entry
RHBZ#2367235 issue-tracking x_refsource_REDHAT
RHSA-2025:16724 vendor-advisory x_refsource_REDHAT
RHSA-2025:16729 vendor-advisory x_refsource_REDHAT
RHSA-2025:17669 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-4953 x_refsource_REDHAT vdb-entry
RHBZ#2367235 issue-tracking x_refsource_REDHAT
https://github.com/containers/podman/pull/25173
RHSA-2025:16724 vendor-advisory x_refsource_REDHAT
RHSA-2025:16729 vendor-advisory x_refsource_REDHAT
RHSA-2025:17669 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-4953 x_refsource_REDHAT vdb-entry
RHBZ#2367235 issue-tracking x_refsource_REDHAT
https://github.com/containers/podman/pull/25173
RHSA-2025:15904 vendor-advisory x_refsource_REDHAT
RHSA-2025:15904 vendor-advisory x_refsource_REDHAT
RHSA-2025:16724 vendor-advisory x_refsource_REDHAT
RHSA-2025:16729 vendor-advisory x_refsource_REDHAT
RHSA-2025:17669 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-4953 x_refsource_REDHAT vdb-entry
RHBZ#2367235 issue-tracking x_refsource_REDHAT
https://github.com/containers/podman/pull/25173
RHSA-2025:15904 vendor-advisory x_refsource_REDHAT
RHSA-2025:16724 vendor-advisory x_refsource_REDHAT
RHSA-2025:16729 vendor-advisory x_refsource_REDHAT
RHSA-2025:17669 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-4953 x_refsource_REDHAT vdb-entry
RHBZ#2367235 issue-tracking x_refsource_REDHAT
https://github.com/containers/podman/pull/25173
RHSA-2024:8690 vendor-advisory x_refsource_REDHAT
RHSA-2025:15904 vendor-advisory x_refsource_REDHAT
RHSA-2025:16724 vendor-advisory x_refsource_REDHAT
RHSA-2025:16729 vendor-advisory x_refsource_REDHAT
RHSA-2025:17669 vendor-advisory x_refsource_REDHAT
RHSA-2025:2703 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-4953 x_refsource_REDHAT vdb-entry
RHBZ#2367235 issue-tracking x_refsource_REDHAT
https://github.com/containers/podman/pull/25173
RHSA-2025:15904 vendor-advisory x_refsource_REDHAT
RHSA-2025:16724 vendor-advisory x_refsource_REDHAT
RHSA-2025:16729 vendor-advisory x_refsource_REDHAT
RHSA-2025:17669 vendor-advisory x_refsource_REDHAT
RHSA-2025:22265 vendor-advisory x_refsource_REDHAT
RHSA-2025:2703 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-4953 x_refsource_REDHAT vdb-entry
RHBZ#2367235 issue-tracking x_refsource_REDHAT
https://github.com/containers/podman/pull/25173
RHSA-2024:8690 vendor-advisory x_refsource_REDHAT
RHSA-2024:8690 vendor-advisory x_refsource_REDHAT
RHSA-2025:15904 vendor-advisory x_refsource_REDHAT
RHSA-2025:16724 vendor-advisory x_refsource_REDHAT
RHSA-2025:16729 vendor-advisory x_refsource_REDHAT
RHSA-2025:17669 vendor-advisory x_refsource_REDHAT
RHSA-2025:22265 vendor-advisory x_refsource_REDHAT
RHSA-2025:22275 vendor-advisory x_refsource_REDHAT
RHSA-2025:2703 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-4953 x_refsource_REDHAT vdb-entry
RHBZ#2367235 issue-tracking x_refsource_REDHAT
https://github.com/containers/podman/pull/25173
RHSA-2025:16724 vendor-advisory x_refsource_REDHAT
RHSA-2025:16729 vendor-advisory x_refsource_REDHAT
RHSA-2025:17669 vendor-advisory x_refsource_REDHAT
RHSA-2025:22265 vendor-advisory x_refsource_REDHAT
RHSA-2025:22275 vendor-advisory x_refsource_REDHAT
RHSA-2025:22695 vendor-advisory x_refsource_REDHAT
RHSA-2025:22724 vendor-advisory x_refsource_REDHAT
RHSA-2025:22732 vendor-advisory x_refsource_REDHAT
RHSA-2025:2703 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-4953 x_refsource_REDHAT vdb-entry
RHBZ#2367235 issue-tracking x_refsource_REDHAT
https://github.com/containers/podman/pull/25173
RHSA-2024:8690 vendor-advisory x_refsource_REDHAT
RHSA-2025:15904 vendor-advisory x_refsource_REDHAT
RHSA-2024:8690 vendor-advisory x_refsource_REDHAT
RHSA-2025:15904 vendor-advisory x_refsource_REDHAT
RHSA-2025:16724 vendor-advisory x_refsource_REDHAT
RHSA-2025:16729 vendor-advisory x_refsource_REDHAT
RHSA-2025:17669 vendor-advisory x_refsource_REDHAT
RHSA-2025:22265 vendor-advisory x_refsource_REDHAT
RHSA-2025:22275 vendor-advisory x_refsource_REDHAT
RHSA-2025:22695 vendor-advisory x_refsource_REDHAT
RHSA-2025:22724 vendor-advisory x_refsource_REDHAT
RHSA-2025:22732 vendor-advisory x_refsource_REDHAT
RHSA-2025:23113 vendor-advisory x_refsource_REDHAT
RHSA-2025:2703 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-4953 x_refsource_REDHAT vdb-entry
RHBZ#2367235 issue-tracking x_refsource_REDHAT
https://github.com/containers/podman/pull/25173
RHSA-2024:8690 vendor-advisory x_refsource_REDHAT
RHSA-2025:15904 vendor-advisory x_refsource_REDHAT
RHSA-2025:16724 vendor-advisory x_refsource_REDHAT
RHSA-2025:16729 vendor-advisory x_refsource_REDHAT
RHSA-2025:17669 vendor-advisory x_refsource_REDHAT
RHSA-2025:22265 vendor-advisory x_refsource_REDHAT
RHSA-2025:22275 vendor-advisory x_refsource_REDHAT
RHSA-2025:22695 vendor-advisory x_refsource_REDHAT
RHSA-2025:22724 vendor-advisory x_refsource_REDHAT
RHSA-2025:22732 vendor-advisory x_refsource_REDHAT
RHSA-2025:23113 vendor-advisory x_refsource_REDHAT
RHSA-2025:2703 vendor-advisory x_refsource_REDHAT
RHSA-2026:0316 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-4953 x_refsource_REDHAT vdb-entry
RHBZ#2367235 issue-tracking x_refsource_REDHAT
https://github.com/containers/podman/pull/25173

Affected products

runc

cri-o

rhcos

conmon

kernel

podman

skopeo

buildah

haproxy

ignition

cri-tools

kernel-rt

openshift

openshift-kuryr

openshift-ansible

openshift-clients

openshift4-aws-iso

container-tools:rhel8

containernetworking-plugins

container-tools:rhel8/podman

Matching in nixpkgs

pkgs.podman

Program for managing pods, containers and container images

nixos-unstable -
- nixpkgs-unstable 5.6.1

Package maintainers

Ignored maintainers (2)

@saschagrunert Sascha Grunert <mail@saschagrunert.de>
@vdemeester Vincent Demeester <vincent@sbr.pm>

RH/Debian discussion: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117966#22

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.podman

Package maintainers