CVE-2025-4953

Name: CVE-2025-4953
Description: A flaw was found in Podman. Data written to RUN --mount=type=bind mounts in a Containerfile during podman build is not discarded. Files created inside the container can therefore appear in the temporary build context directory on the host, where they remain accessible after the build.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
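A quick way to see whether an installed podman persists writes made through a RUN bind mount, as an added check that is not part of this tracker entry or of the Podman project. It builds a throwaway Containerfile whose RUN step creates a marker file through a --mount=type=bind,rw mount of the build context, then looks for that marker in the context directory on the host. Assumptions: a local context directory is used as the inspectable location (the tracker describes the temporary build context directory; this check assumes the same write-through is observable for a local one), the rw mount option and --no-cache behave as documented for podman build, and the host can pull docker.io/library/busybox. The marker name and image tag are hypothetical.

```shell
#!/bin/sh
# Constructed check for the behaviour described in CVE-2025-4953: writes through a
# RUN --mount=type=bind,rw mount should be discarded after the step, not land in the
# build context directory on the host. Not from the Debian tracker or the Podman project.
set -eu

MARKER="cve-2025-4953-marker"   # hypothetical file name written by the RUN step

# Emit a Containerfile whose only RUN step writes into a bind mount of the build context.
# Assumption: source=. is resolved relative to the build context directory.
containerfile() {
    cat <<EOF
FROM docker.io/library/busybox
RUN --mount=type=bind,source=.,target=/ctx,rw touch /ctx/$MARKER
EOF
}

# Exit 0 if the marker exists in DIR (writes persisted on the host), 1 otherwise.
leak_check() {
    dir="$1"
    [ -e "$dir/$MARKER" ]
}

# Build from a fresh temporary context and report whether the marker leaked into it.
# Returns 1 when the write persisted (the condition the tracker describes), 0 when it
# was discarded, so the script can be used in a pipeline.
run_check() {
    ctx=$(mktemp -d)
    containerfile > "$ctx/Containerfile"
    podman build --no-cache -t cve-2025-4953-check "$ctx" >/dev/null
    if leak_check "$ctx"; then
        echo "PERSISTED: $ctx/$MARKER exists on the host after the build"
        status=1
    else
        echo "DISCARDED: no $MARKER in $ctx after the build"
        status=0
    fi
    rm -rf "$ctx"
    return $status
}

# Only run podman when explicitly asked, so the helpers can be exercised without it.
if [ "${1:-}" = "--run" ]; then
    command -v podman >/dev/null 2>&1 || { echo "podman not found" >&2; exit 2; }
    run_check
fi
```

Run it as `sh check.sh --run`; a PERSISTED result means files created by the build ended up in the context directory on the host. The built image (tag cve-2025-4953-check) is left behind and can be removed with podman rmi.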

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package   Release      Version                 Status
libpod (PTS)     bullseye     3.0.1+dfsg1-3+deb11u5   vulnerable
libpod (PTS)     bookworm     4.3.1+ds1-8+deb12u1     vulnerable
podman (PTS)     trixie       5.4.2+ds1-2             vulnerable
podman (PTS)     forky, sid   5.6.2+ds1-3             vulnerable

The information below is based on the following data on fixed versions.

Package   Type     Release      Fixed Version   Urgency   Origin   Debian Bugs
libpod    source   (unstable)   (unfixed)
podman    source   (unstable)   (unfixed)

Notes

[trixie] - podman <no-dsa> (Minor issue)
[bookworm] - libpod <no-dsa> (Minor issue)
[bullseye] - libpod <postponed> (Minor issue)
https://bugzilla.redhat.com/show_bug.cgi?id=2367235