Home > Vulnerability Database > CVE-2025-6032

Mend.io Vulnerability Database

CVE-2025-6032

Good to know:

Date: June 24, 2025

A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.

Severity Score

8.3

Related Resources (20)

Url: https://access.redhat.com/errata/RHSA-2025:9751

Url: https://access.redhat.com/errata/RHSA-2025:9766

Url: https://access.redhat.com/errata/RHSA-2025:9726

Url: https://access.redhat.com/errata/RHSA-2025:10549

Url: https://access.redhat.com/errata/RHSA-2025:10668

Url: https://github.com/containers/podman/commit/726b506acc8a00d99f1a3a1357ecf619a1f798c3

Url: https://access.redhat.com/errata/RHSA-2025:11359

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-6032

Url: https://access.redhat.com/security/cve/CVE-2025-6032

Url: https://github.com/containers/podman

Url: https://github.com/containers/podman/security/advisories/GHSA-65gg-3w2w-hr4h

Url: https://access.redhat.com/errata/RHSA-2025:11677

Url: https://access.redhat.com/errata/RHSA-2025:10550

Url: https://access.redhat.com/errata/RHSA-2025:10551

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2372501

Url: https://access.redhat.com/errata/RHSA-2025:10295

Url: https://access.redhat.com/errata/RHSA-2025:11681

Url: https://access.redhat.com/errata/RHSA-2025:15397

Url: https://access.redhat.com/errata/RHSA-2025:11363

Url: https://www.mend.io/vulnerability-database/CVE-2025-6032

Severity Score

8.3

Weakness Type (CWE)

Improper Certificate Validation

CWE-295

Top Fix

Upgrade Version

Upgrade to version github.com/containers/podman/v5 - v5.5.2;https://github.com/containers/podman.git - v5.5.2

Learn More

CVSS v3.1

Base Score:	8.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-6032

Good to know:

Date: June 24, 2025

Severity Score

Related Resources (20)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?