CNNVD-202506-3087 Information

CNNVD ID

CNNVD-202506-3087

Related CVE

CVE-2025-6032

• CNNVD Published: 2025-06-24

Description (Chinese)

Podman是Podman开源的一款用于在Linux系统上开发、管理和运行OCI容器的引擎。 Podman存在信任管理问题漏洞，该漏洞源于podman machine init命令未验证TLS证书，可能导致中间人攻击。

Description (English)

Podman is a Podman open source for the development, management and operation of an engine for OCI containers on Linux. Podman has a confidence management loophole, which stems from the failure of the Podman Machine init order to validate the TLS certificate, which could lead to an attack by an intermediary.

Hazard Level

Medium

Vulnerability Type

信任管理问题

Affected Vendor

Podman

Published

2025-06-24

Last Modified

2026-02-24

References

https://bugzilla.redhat.com/show_bug.cgi?id=2372501 https://access.redhat.com/security/cve/CVE-2025-6032 https://vigilance.fr/vulnerability/Podman-Man-in-the-Middle-via-OCI-Registry-VM-Images-Download-47555

Patch

https://podman.io/