{"id":"AZL-67049","summary":"CVE-2025-9566 affecting package podman 5.6.1-7","details":"There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file.\n\nBinary-Affected: podman\nUpstream-version-introduced: v4.0.0\nUpstream-version-fixed: v5.6.1","modified":"2026-04-01T05:21:07.140134Z","published":"2025-09-05T20:15:36Z","upstream":["CVE-2025-9566"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-9566"}],"affected":[{"package":{"name":"podman","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/podman"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"5.6.1-7"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67049.json"}}],"schema_version":"1.7.5"}