CVE-2025-6032

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-6032

Severity

8.3

High

CVSS V3

Description

A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.

References

https://images.chainguard.dev/security/CGA-vrwq-vm7m-qgww
https://github.com/advisories/GHSA-65gg-3w2w-hr4h
https://images.chainguard.dev/security/CGA-pww7-p4v6-rw7q
https://images.chainguard.dev/security/CGA-8r3q-xppf-5w93
https://access.redhat.com/errata/RHSA-2025:10295
https://access.redhat.com/errata/RHSA-2025:10549
https://access.redhat.com/errata/RHSA-2025:10550
https://access.redhat.com/errata/RHSA-2025:10551
https://access.redhat.com/errata/RHSA-2025:10668
https://access.redhat.com/errata/RHSA-2025:11363
https://access.redhat.com/errata/RHSA-2025:11677
https://access.redhat.com/errata/RHSA-2025:11681
https://access.redhat.com/errata/RHSA-2025:9726
https://access.redhat.com/errata/RHSA-2025:9751
https://access.redhat.com/errata/RHSA-2025:9766
https://bugzilla.redhat.com/show_bug.cgi?id=2372501
https://access.redhat.com/security/cve/CVE-2025-6032

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Private Policy

Product

Chainguard Containers Chainguard Libraries Chainguard VMs Integrations Pricing

Solutions

FedRAMP PCI DSS Golden Images CVE Remediation Public Sector

Customers

Customer Stories Chainguard Reviews

Resources

Events & Webinars Chainguard Courses Documentation Trust Center

Company

About Us Blog Partners Newsroom Careers Legal