{"id":"CVE-2025-6032","details":"A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.","aliases":["GHSA-65gg-3w2w-hr4h","GO-2025-3777"],"modified":"2026-04-09T10:57:29.827113Z","published":"2025-06-24T14:15:30.703Z","related":["ALSA-2025:10549","ALSA-2025:10550","ALSA-2025:10551","CGA-68hh-wjg4-3v49","SUSE-SU-2025:02806-1","SUSE-SU-2025:02807-1","SUSE-SU-2025:02808-1","SUSE-SU-2025:20692-1","SUSE-SU-2025:20805-1","SUSE-SU-2025:20869-1","SUSE-SU-2026:20626-1","SUSE-SU-2026:20641-1","openSUSE-SU-2025:15262-1","openSUSE-SU-2025:15405-1","openSUSE-SU-2026:20305-1"],"references":[{"type":"WEB","url":"https://access.redhat.com/security/cve/CVE-2025-6032"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:11681"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:10549"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:10668"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:11359"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:9726"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:9751"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:9766"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:10295"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:11363"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:11677"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:15397"},{"type":"ADVISORY","url":"https://github.com/containers/podman/security/advisories/GHSA-65gg-3w2w-hr4h"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:10550"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:10551"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2372501"},{"type":"FIX","url":"https://github.com/containers/podman/commit/726b506acc8a00d99f1a3a1357ecf619a1f798c3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/containers/podman","events":[{"introduced":"0"},{"fixed":"726b506acc8a00d99f1a3a1357ecf619a1f798c3"}]}],"versions":["v0.2","v0.2.1","v0.8.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-6032.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}]}