PT-2025-26739 · Podman+8

Paul Holzinger · Published 2025-06-24 · Updated 2026-03-03 · CVE-2025-6032

CVSS v3.1: 8.3 (High)
Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Podman (affected versions not specified)
Description: A flaw was found in Podman where the podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry, resulting in a potential Man In The Middle attack.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

ALSA-2025:10549
ALSA-2025:10550
ALSA-2025:10551
ALT-PU-2025-10246
AZL-64454
BDU:2025-09074
CESA-2025_10551
CVE-2025-6032
GHSA-65GG-3W2W-HR4H
GO-2025-3777
INFSA-2025_10550
INFSA-2025_10551
OPENSUSE-SU-2025:15262-1
OPENSUSE-SU-2025:15405-1
OPENSUSE-SU-2026:20305-1
RHSA-2025:10295
RHSA-2025:10549
RHSA-2025:10550
RHSA-2025:10551
RHSA-2025:10668
RHSA-2025:9726
RHSA-2025:9751
RHSA-2025:9766
RHSA-2025_10550
RHSA-2025_10551
SUSE-SU-2025:02806-1
SUSE-SU-2025:02807-1
SUSE-SU-2025:02808-1
SUSE-SU-2025:20692-1
SUSE-SU-2025:20805-1
SUSE-SU-2025:20869-1
SUSE-SU-2025_02806-1
SUSE-SU-2025_02807-1
SUSE-SU-2025_02808-1
SUSE-SU-2026:20626-1
SUSE-SU-2026:20641-1

Affected Products

Alt Linux
Almalinux
Centos
Debian
Podman
Red Hat
Red Os
Rocky Linux
Suse