CVE-2025-9566
Description
Important: podman security update
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2025-20909.html
Vendor advisory: alma — https://bugzilla.redhat.com/2387083
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2025-15900.html
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2025-15904.html
Vendor advisory: alma — https://bugzilla.redhat.com/2393152
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2025:15904
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:15900
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2025-9566.html
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2025-9566
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2026:18722
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2025:20909
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2025:15900
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:15904
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rocky | 8 | fixed | |
| rhel | 9 | fixed | |
| debian | bookworm | affected | |
| debian | bullseye | affected | |
| sles | affected | | |
| rocky | 9 | fixed | |
| debian | forky | fixed | 5.6.1+ds1-2 |
| debian | sid | fixed | 5.6.1+ds1-2 |
| debian | trixie | affected | |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | github.com/containers/podman/v5 | <5.6.1 | 5.6.1 |
| Go | github.com/containers/podman/v4 | <=4.9.5 | |
| Go | github.com/containers/podman | | |
| Go | github.com/containers/podman/v2 | | |
| Go | github.com/containers/podman/v3 | | |
| Go | github.com/containers/podman/v4 | | |
| GO | github.com/containers/podman/v4 | <= 4.9.5 | |
| GO | github.com/containers/podman/v5 | <= 5.6.0 | 5.6.1 |
References
- https://errata.rockylinux.org/RLSA-2025:15904
- https://access.redhat.com/errata/RHSA-2025:15900
- https://access.redhat.com/errata/RHSA-2025:20909
- https://access.redhat.com/errata/RHSA-2026:18722
- https://access.redhat.com/errata/RHBA-2025:15692
- https://access.redhat.com/errata/RHBA-2025:15712
- https://access.redhat.com/errata/RHBA-2025:16158
- https://access.redhat.com/errata/RHBA-2025:16163
- https://access.redhat.com/errata/RHEA-2025:4782
- https://access.redhat.com/errata/RHSA-2025:15901
- https://access.redhat.com/errata/RHSA-2025:15904
- https://access.redhat.com/errata/RHSA-2025:16480
- https://access.redhat.com/errata/RHSA-2025:16481
- https://access.redhat.com/errata/RHSA-2025:16482
- https://access.redhat.com/errata/RHSA-2025:16488
- https://access.redhat.com/errata/RHSA-2025:16515
- https://access.redhat.com/errata/RHSA-2025:16724
- https://access.redhat.com/errata/RHSA-2025:17669
- https://access.redhat.com/errata/RHSA-2025:18217
- https://access.redhat.com/errata/RHSA-2025:18218
- https://access.redhat.com/errata/RHSA-2025:18240
- https://access.redhat.com/errata/RHSA-2025:19002
- https://access.redhat.com/errata/RHSA-2025:19041
- https://access.redhat.com/errata/RHSA-2025:19046
- https://access.redhat.com/errata/RHSA-2025:19094
CWEs
CWE-22
Verify integrity in audit chain (admin only). AS-IS.