CVE-2025-4953
Severity: high
CVSS v3: —
CVSS v2: —
VIR risk: 8.0
Description
A flaw was found in Podman. Data written to `RUN --mount=type=bind` mounts in a Containerfile during `podman build` is not discarded. As a result, files created within the container can appear in the temporary build context directory on the host, where they remain accessible.
Predictions
Exploit likelihood: 30%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2025-4953.html
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2025-4953
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:15904
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rocky | 8 | fixed | |
| debian | bookworm | affected | |
| debian | bullseye | affected | |
| sles | | affected | |
| debian | forky | fixed | 5.3.2+ds1-1 |
| debian | sid | fixed | 5.3.2+ds1-1 |
| debian | trixie | fixed | 5.3.2+ds1-1 |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | github.com/containers/podman/v5 | <=5.5.0 | |
| Go | github.com/containers/podman | | |
| Go | github.com/containers/podman/v2 | | |
| Go | github.com/containers/podman/v3 | | |
| Go | github.com/containers/podman/v4 | | |
| Go | github.com/containers/podman/v5 | | |
References
- https://errata.rockylinux.org/RLSA-2025:15904
- https://nvd.nist.gov/vuln/detail/CVE-2025-4953
- https://github.com/containers/podman/pull/25173
- https://github.com/containers/podman
- https://bugzilla.redhat.com/show_bug.cgi?id=2367235
- https://access.redhat.com/security/cve/CVE-2025-4953
- https://access.redhat.com/errata/RHSA-2026:0316
- https://access.redhat.com/errata/RHSA-2025:2703
- https://access.redhat.com/errata/RHSA-2025:23113
- https://access.redhat.com/errata/RHSA-2025:22732
- https://access.redhat.com/errata/RHSA-2025:22724
- https://access.redhat.com/errata/RHSA-2025:22695
- https://access.redhat.com/errata/RHSA-2025:22275
- https://access.redhat.com/errata/RHSA-2025:22265
- https://access.redhat.com/errata/RHSA-2025:17669
- https://access.redhat.com/errata/RHSA-2025:16729
- https://access.redhat.com/errata/RHSA-2025:16724
- https://access.redhat.com/errata/RHSA-2025:15904
- https://access.redhat.com/errata/RHSA-2024:8690
- https://github.com/advisories/GHSA-m68q-4hqr-mc6f
- https://security-tracker.debian.org/tracker/CVE-2025-4953
- https://www.suse.com/security/cve/CVE-2025-4953.html