CVE-2025-9566: 
Podman vulnerability analysis and mitigation

CVE-2025-9566 is a high-severity vulnerability in Podman's kube play command that was discovered in September 2025. The vulnerability affects Podman versions from v4.0.0 to v5.6.0, allowing attackers to overwrite host files through a symlink traversal attack when using ConfigMap or Secret volume mounts (SecurityOnline, NVD).

The vulnerability exists in the podman kube play command's handling of ConfigMap and Secret volume mounts. When a kube file contains these volume mounts and the volume already contains a symlink to a host file path, an attacker can exploit this to overwrite arbitrary files on the host system. The vulnerability has been assigned a CVSS v3.1 base score of 8.1 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H. The issue is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) (NVD, Miggo).

While the vulnerability allows attackers to overwrite arbitrary files on the host system, they can only control the target path of the overwritten file but not its contents. The contents that will be written to the targeted file are defined in the YAML file by the end user. This limitation reduces the potential impact but still presents significant security risks for host system integrity (SecurityOnline).

The vulnerability has been patched in Podman version 5.6.1. For users unable to immediately upgrade, the recommended workaround is to avoid using podman kube play with ConfigMap or Secret volume mounts. Red Hat has released security updates for affected versions across Red Hat Enterprise Linux 8, 9, and 10 through security advisories RHSA-2025:15900, RHSA-2025:15901, and RHSA-2025:15904 (Red Hat).