CVE-2025-6032: 
Podman vulnerability analysis and mitigation

A security vulnerability identified as CVE-2025-6032 was discovered in Podman, affecting versions 4.8.0 and later. The vulnerability was disclosed on June 24, 2025, and involves the podman machine init command failing to verify TLS certificates when downloading VM images from an OCI registry. This issue became particularly significant when the functionality became the default method for pulling images in version 5.0.0 (Red Hat Bugzilla).

The vulnerability stems from improper certificate validation (CWE-295) in the podman machine init command. The specific issue occurs during the VM image download process from OCI registries, where the system fails to properly verify TLS certificates. The vulnerability has been assigned a CVSS v3.1 base score of 8.3 (HIGH) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H (NVD).

The vulnerability enables potential Man-in-the-Middle (MITM) attacks during the VM image download process. This could allow attackers with access to the network path between the registry and client to intercept and potentially manipulate the downloaded VM images, compromising the integrity and security of the container environment (Red Hat Bugzilla).

The vulnerability affects RHEL 8.10, 9.4, and OpenShift Container Platform 4.16, while earlier versions of OpenShift and RHEL are not impacted by this issue (Red Hat Bugzilla).