{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6032", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2025-06-12T15:21:33.840Z", "datePublished": "2025-06-24T13:50:47.955Z", "dateUpdated": "2025-07-02T07:53:34.587Z"}, "containers": {"cna": {"title": "Podman: podman missing tls verification", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "podman", "defaultStatus": "affected", "versions": [{"version": "4:4.9.4-14.rhaos4.16.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.16::el9", "cpe:/a:redhat:openshift:4.16::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.18", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "podman", "defaultStatus": "affected", "versions": [{"version": "5:5.2.2-9.rhaos4.18.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.18::el8", "cpe:/a:redhat:openshift:4.18::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.19", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "podman", "defaultStatus": "affected", "versions": [{"version": "5:5.4.0-6.rhaos4.19.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.19::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "podman", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-tools:rhel8/podman", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "podman", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhcos", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:9726", "name": "RHSA-2025:9726", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:9751", "name": "RHSA-2025:9751", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:9766", "name": "RHSA-2025:9766", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2025-6032", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372501", "name": "RHBZ#2372501", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2025-06-24T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "description": "Improper Certificate Validation", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-295: Improper Certificate Validation", "workarounds": [{"lang": "en", "value": "Download the VM image manually with another tool that verifies the TLS certificate and then pass the local image as a file path to podman, for example:\n\n# podman machine init --image <local-image-path>"}], "timeline": [{"lang": "en", "time": "2025-06-12T15:14:34.557000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-06-24T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "This issue was discovered by Paul Holzinger (Red Hat Inc.)."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-07-02T07:53:34.587Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-24T14:11:17.749372Z", "id": "CVE-2025-6032", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-24T14:12:10.372Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6032", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-24T14:11:17.749372Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-24T14:11:34.059Z"}}], "cna": {"title": "Podman: podman missing tls verification", "credits": [{"lang": "en", "value": "This issue was discovered by Paul Holzinger (Red Hat Inc.)."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/a:redhat:openshift:4.16::el9", "cpe:/a:redhat:openshift:4.16::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "versions": [{"status": "unaffected", "version": "4:4.9.4-14.rhaos4.16.el8", "lessThan": "*", "versionType": "rpm"}], "packageName": "podman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.18::el8", "cpe:/a:redhat:openshift:4.18::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.18", "versions": [{"status": "unaffected", "version": "5:5.2.2-9.rhaos4.18.el9", "lessThan": "*", "versionType": "rpm"}], "packageName": "podman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.19::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.19", "versions": [{"status": "unaffected", "version": "5:5.4.0-6.rhaos4.19.el9", "lessThan": "*", "versionType": "rpm"}], "packageName": "podman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:10"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "packageName": "podman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "container-tools:rhel8/podman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "podman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "rhcos", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2025-06-12T15:14:34.557000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-06-24T00:00:00+00:00", "value": "Made public."}], "datePublic": "2025-06-24T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:9726", "name": "RHSA-2025:9726", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:9751", "name": "RHSA-2025:9751", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:9766", "name": "RHSA-2025:9766", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2025-6032", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372501", "name": "RHBZ#2372501", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Download the VM image manually with another tool that verifies the TLS certificate and then pass the local image as a file path to podman, for example:\n\n# podman machine init --image <local-image-path>"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "Improper Certificate Validation"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-07-02T07:53:34.587Z"}, "x_redhatCweChain": "CWE-295: Improper Certificate Validation"}}, "cveMetadata": {"cveId": "CVE-2025-6032", "state": "PUBLISHED", "dateUpdated": "2025-07-02T07:53:34.587Z", "dateReserved": "2025-06-12T15:21:33.840Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2025-06-24T13:50:47.955Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack."}, {"lang": "es", "value": "Se detect\u00f3 una falla en Podman. El comando podman machine init no verifica el certificado TLS al descargar im\u00e1genes de m\u00e1quinas virtuales desde un registro OCI. Este problema provoca un ataque de intermediario (Man in the Middle)."}], "id": "CVE-2025-6032", "lastModified": "2025-07-02T08:15:57.507", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-06-24T14:15:30.703", "references": [{"source": "[email protected]", "url": "https://access.redhat.com/errata/RHSA-2025:9726"}, {"source": "[email protected]", "url": "https://access.redhat.com/errata/RHSA-2025:9751"}, {"source": "[email protected]", "url": "https://access.redhat.com/errata/RHSA-2025:9766"}, {"source": "[email protected]", "url": "https://access.redhat.com/security/cve/CVE-2025-6032"}, {"source": "[email protected]", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372501"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "[email protected]", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Paul Holzinger (Red Hat Inc.).", "affected_release": [{"advisory": "RHSA-2025:9766", "cpe": "cpe:/a:redhat:openshift:4.16::el8", "package": "podman-4:4.9.4-16.rhaos4.16.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2025-07-02T00:00:00Z"}, {"advisory": "RHSA-2025:9726", "cpe": "cpe:/a:redhat:openshift:4.18::el9", "package": "podman-5:5.2.2-9.rhaos4.18.el9", "product_name": "Red Hat OpenShift Container Platform 4.18", "release_date": "2025-07-02T00:00:00Z"}, {"advisory": "RHSA-2025:9751", "cpe": "cpe:/a:redhat:openshift:4.19::el9", "package": "podman-5:5.4.0-6.rhaos4.19.el9", "product_name": "Red Hat OpenShift Container Platform 4.19", "release_date": "2025-07-01T00:00:00Z"}], "bugzilla": {"description": "podman: podman missing TLS verification", "id": "2372501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372501"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-295", "details": ["A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.", "A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack."], "mitigation": {"lang": "en:us", "value": "Download the VM image manually with another tool that verifies the TLS certificate and then pass the local image as a file path to podman, for example:\n# podman machine init --image <local-image-path>"}, "name": "CVE-2025-6032", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "podman", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "container-tools:rhel8/podman", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "podman", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2025-06-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-6032\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-6032"], "statement": "To exploit this flaw, a user needs to download an image from an untrusted OCI registry, specifically, an OCI registry with an invalid TLS certificate. This allows a remote attacker with access to the network path between the registry and the client to perform a Man In the Middle attack.", "threat_severity": "Important"}