CVE-2025-4953

CVSS v3.1

7.4

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Podman (affected versions not specified)

Description A flaw exists in Podman where data written to RUN --mount=type=bind mounts during the podman build process is not discarded. This can result in files created within the container appearing in the temporary build context directory on the host, potentially leaving the created files accessible.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-378

Related Identifiers

AZL-68054

CESA-2025_15904

CVE-2025-4953

GHSA-M68Q-4HQR-MC6F

GO-2025-3961

OPENSUSE-SU-2025:15564-1

RHSA-2024:8690

RHSA-2025:15904

RHSA-2025:16724

RHSA-2025:16729

RHSA-2025:17669

RHSA-2025_15904

SUSE-SU-2025:03289-1

Affected Products

Centos

Debian

Podman

Red Hat

Rocky Linux

CVE-2025-4953

Weakness Enumeration

Related Identifiers

Affected Products

References · 75