CVE-2025-6032

A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.

CVSS v3 8.3 HIGH

8.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.6 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2025:10295
https://access.redhat.com/errata/RHSA-2025:10549
https://access.redhat.com/errata/RHSA-2025:10550
https://access.redhat.com/errata/RHSA-2025:10551
https://access.redhat.com/errata/RHSA-2025:10668
https://access.redhat.com/errata/RHSA-2025:11363
https://access.redhat.com/errata/RHSA-2025:11677
https://access.redhat.com/errata/RHSA-2025:11681
https://access.redhat.com/errata/RHSA-2025:15397
https://access.redhat.com/errata/RHSA-2025:9726
https://access.redhat.com/errata/RHSA-2025:9751
https://access.redhat.com/errata/RHSA-2025:9766
https://access.redhat.com/security/cve/CVE-2025-6032
https://bugzilla.redhat.com/show_bug.cgi?id=2372501

Configurations

No configuration.

History

21 Oct 2025, 20:20

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:15397 -

30 Jul 2025, 23:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:11677 -

30 Jul 2025, 14:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:11681 -

22 Jul 2025, 20:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:11363 -

09 Jul 2025, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-24 14:15

Updated : 2025-10-21 20:20

NVD link : CVE-2025-6032

Mitre link : CVE-2025-6032

CVE.ORG link : CVE-2025-6032

JSON object : View

Products Affected

No product.

CWE

CWE-295

Improper Certificate Validation

{"id": "CVE-2025-6032", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.6}]}, "published": "2025-06-24T14:15:30.703", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:10295", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:10549", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:10550", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:10551", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:10668", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:11363", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:11677", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:11681", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:15397", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:9726", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:9751", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:9766", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-6032", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372501", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack."}, {"lang": "es", "value": "Se detect\u00f3 una falla en Podman. El comando podman machine init no verifica el certificado TLS al descargar im\u00e1genes de m\u00e1quinas virtuales desde un registro OCI. Este problema provoca un ataque de intermediario (Man in the Middle)."}], "lastModified": "2025-10-21T20:20:56.210", "sourceIdentifier": "secalert@redhat.com"}