{"api_version":"1","generated_at":"2026-06-27T01:16:30+00:00","cve":"CVE-2025-6032","urls":{"html":"https://cve.report/CVE-2025-6032","api":"https://cve.report/api/cve/CVE-2025-6032.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-6032","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-6032"},"summary":{"title":"Podman: podman missing tls verification","description":"A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. As a result, the image download is exposed to a man-in-the-middle attack.","state":"PUBLISHED","assigner":"redhat","published_at":"2025-06-24 14:15:30","updated_at":"2026-06-25 03:16:38"},"problem_types":["CWE-295","CWE-295 Improper Certificate Validation"],"metrics":[{"version":"3.1","source":"secalert@redhat.com","type":"Secondary","score":"8.3","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"8.3","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.3,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:11359","name":"https://access.redhat.com/errata/RHSA-2025:11359","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{
"url":"https://access.redhat.com/errata/RHSA-2025:11681","name":"https://access.redhat.com/errata/RHSA-2025:11681","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2372501","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2372501","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:9766","name":"https://access.redhat.com/errata/RHSA-2025:9766","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:9751","name":"https://access.redhat.com/errata/RHSA-2025:9751","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2025-6032","name":"https://access.redhat.com/security/cve/CVE-2025-6032","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/containers/podman/commit/726b506acc8a00d99f1a3a1357ecf619a1f798c3","name":"https://github.com/containers/podman/commit/726b506acc8a00d99f1a3a1357ecf619a1f798c3","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:11363","name":"https://access.redhat.com/errata/RHSA-2025:11363","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:11677","name":"https://access.redhat.com/errata/RHSA-2025:11677","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:10668","name":"https://access.redhat.com/errata/RHSA-2025:10668","refsource":"secalert@redhat.com","tags":[],"title":"","mim
e":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:10550","name":"https://access.redhat.com/errata/RHSA-2025:10550","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:10551","name":"https://access.redhat.com/errata/RHSA-2025:10551","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:15397","name":"https://access.redhat.com/errata/RHSA-2025:15397","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:9726","name":"https://access.redhat.com/errata/RHSA-2025:9726","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:10549","name":"https://access.redhat.com/errata/RHSA-2025:10549","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:10295","name":"https://access.redhat.com/errata/RHSA-2025:10295","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/containers/podman/security/advisories/GHSA-65gg-3w2w-hr4h","name":"https://github.com/containers/podman/security/advisories/GHSA-65gg-3w2w-hr4h","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-6032","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6032","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 
10","version":"unaffected 6:5.4.0-12.el10_0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","version":"unaffected 8100020250625105344.afee755d * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"unaffected 5:5.4.0-12.el9_6 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Extended Update Support","version":"unaffected 4:4.9.4-18.el9_4.2 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.16","version":"unaffected 4:4.9.4-14.rhaos4.16.el8 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.16","version":"unaffected 416.94.202507222002-0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.17","version":"unaffected 5:5.2.2-8.rhaos4.17.el8 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.17","version":"unaffected 417.94.202507132309-0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.18","version":"unaffected 418.94.202507221927-0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.18","version":"unaffected 5:5.2.2-9.rhaos4.18.el9 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.19","version":"unaffected 4.19.9.6.202507152218-0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.19","version":"unaffected 5:5.4.0-6.rhaos4.19.el9 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","version":"unaffected 4.20.9.6.202509251656-0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat In-Vehicle 
Operating System 1","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","version":"","platforms":[]}],"timeline":[{"source":"CNA","time":"2025-06-12T15:14:34.557Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2025-06-24T00:00:00.000Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[{"source":"CNA","title":"","value":"Download the VM image manually with another tool that verifies the TLS certificate and then pass the local image as a file path to podman, for example:\n\n# podman machine init --image <local-image-path>","time":"","lang":"en"}],"exploits":[],"credits":[{"source":"CNA","value":"This issue was discovered by Paul Holzinger (Red Hat Inc.).","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"6032","cve":"CVE-2025-6032","epss":"0.003970000","percentile":"0.315400000","score_date":"2026-06-26","updated_at":"2026-06-27 00:07:47"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-6032","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2025-06-24T14:11:17.749372Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-06-24T14:12:10.372Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"collectionURL":"https://github.com/containers/podman/","defaultStatus":"unaffected","packageName":"podman","versions":[{"lessThan":"5.5.2","status":"affected","version":"4.8.0","versionType":"semver"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:10.0"],"defaultStatus":"affected","packageName":"podman","product":"Red Hat Enterprise Linux 10","vendor":"Red 
Hat","versions":[{"lessThan":"*","status":"unaffected","version":"6:5.4.0-12.el10_0","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"],"defaultStatus":"affected","packageName":"container-tools:rhel8","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"8100020250625105344.afee755d","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"defaultStatus":"affected","packageName":"podman","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"5:5.4.0-12.el9_6","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_eus:9.4::appstream"],"defaultStatus":"affected","packageName":"podman","product":"Red Hat Enterprise Linux 9.4 Extended Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"4:4.9.4-18.el9_4.2","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4.16::el8","cpe:/a:redhat:openshift:4.16::el9"],"defaultStatus":"affected","packageName":"podman","product":"Red Hat OpenShift Container Platform 4.16","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"4:4.9.4-14.rhaos4.16.el8","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift:4.16::el9"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4.16","vendor":"Red 
Hat","versions":[{"lessThan":"*","status":"unaffected","version":"416.94.202507222002-0","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4.17::el8","cpe:/a:redhat:openshift:4.17::el9"],"defaultStatus":"affected","packageName":"podman","product":"Red Hat OpenShift Container Platform 4.17","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"5:5.2.2-8.rhaos4.17.el8","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift:4.17::el9"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4.17","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"417.94.202507132309-0","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift:4.18::el9"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4.18","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"418.94.202507221927-0","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4.18::el8","cpe:/a:redhat:openshift:4.18::el9"],"defaultStatus":"affected","packageName":"podman","product":"Red Hat OpenShift Container Platform 4.18","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"5:5.2.2-9.rhaos4.18.el9","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift:4.19::el9"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4.19","vendor":"Red 
Hat","versions":[{"lessThan":"*","status":"unaffected","version":"4.19.9.6.202507152218-0","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4.19::el9"],"defaultStatus":"affected","packageName":"podman","product":"Red Hat OpenShift Container Platform 4.19","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"5:5.4.0-6.rhaos4.19.el9","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4.20::el9"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4.20","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"4.20.9.6.202509251656-0","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhivos:1"],"defaultStatus":"unaffected","packageName":"podman","product":"Red Hat In-Vehicle Operating System 1","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4","vendor":"Red Hat"}],"credits":[{"lang":"en","value":"This issue was discovered by Paul Holzinger (Red Hat Inc.)."}],"datePublic":"2025-06-24T00:00:00.000Z","descriptions":[{"lang":"en","value":"A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. 
This issue results in a Man In The Middle attack."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.3,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-295","description":"Improper Certificate Validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-25T02:07:36.071Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"RHSA-2025:10295","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:10295"},{"name":"RHSA-2025:10549","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:10549"},{"name":"RHSA-2025:10550","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:10550"},{"name":"RHSA-2025:10551","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:10551"},{"name":"RHSA-2025:10668","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:10668"},{"name":"RHSA-2025:11359","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:11359"},{"name":"RHSA-2025:11363","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:11363"},{"name":"RHSA-2025:11677","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:11677"},{"name":"RHSA-2025:11681","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.red
hat.com/errata/RHSA-2025:11681"},{"name":"RHSA-2025:15397","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:15397"},{"name":"RHSA-2025:9726","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:9726"},{"name":"RHSA-2025:9751","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:9751"},{"name":"RHSA-2025:9766","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:9766"},{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2025-6032"},{"name":"RHBZ#2372501","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2372501"},{"url":"https://github.com/containers/podman/commit/726b506acc8a00d99f1a3a1357ecf619a1f798c3"},{"url":"https://github.com/containers/podman/security/advisories/GHSA-65gg-3w2w-hr4h"}],"timeline":[{"lang":"en","time":"2025-06-12T15:14:34.557Z","value":"Reported to Red Hat."},{"lang":"en","time":"2025-06-24T00:00:00.000Z","value":"Made public."}],"title":"Podman: podman missing tls verification","workarounds":[{"lang":"en","value":"Download the VM image manually with another tool that verifies the TLS certificate and then pass the local image as a file path to podman, for example:\n\n# podman machine init --image <local-image-path>"}],"x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-295: Improper Certificate Validation"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2025-6032","datePublished":"2025-06-24T13:50:47.955Z","dateReserved":"2025-06-12T15:21:33.840Z","dateUpdated":"2026-06-25T02:07:36.071Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-06-24 14:15:30","lastModifiedDate":"2026-06-25 03:16:38","problem_types":["CWE-295","CWE-295 Improper Certificate 
Validation"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-06-24T14:11:17.749372Z","id":"CVE-2025-6032","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"6032","Ordinal":"1","Title":"Podman: podman missing tls verification","CVE":"CVE-2025-6032","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"6032","Ordinal":"1","NoteData":"A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.","Type":"Description","Title":"Podman: podman missing tls verification"}]}}}