DEBIAN-CVE-2025-4953
- Source
- https://security-tracker.debian.org/tracker/CVE-2025-4953
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-4953.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-4953
- Upstream
- Published
- 2025-09-16T15:15:45.313Z
- Modified
- 2025-12-05T12:23:26.871836Z
- Severity
-
- 7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files accessible.
- References
Affected packages
Debian:11 / libpod
Package
- Name
- libpod
- Purl
- pkg:deb/debian/libpod?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.0.1+dfsg1-3
3.0.1+dfsg1-3+deb11u1
3.0.1+dfsg1-3+deb11u2
3.0.1+dfsg1-3+deb11u3
3.0.1+dfsg1-3+deb11u4
3.0.1+dfsg1-3+deb11u5
3.1.0+ds1-1
3.1.2+ds1-1
3.2.0+ds5-1
3.2.0+ds5-2
3.2.1+ds1-1
3.2.1+ds1-2
3.2.2+ds1-1
3.2.3+ds1-1
3.3.0+ds2-1
3.3.0+ds2-2
3.3.1+ds2-1
3.4.0+ds1-1
3.4.1+ds1-1
3.4.1+ds1-2
3.4.2+ds1-1
3.4.3+ds1-1
3.4.4+ds1-1
3.4.6+ds1-1
3.4.7+ds1-1
3.4.7+ds1-2
3.4.7+ds1-3
4.*
4.0.0~rc5+ds1-1
4.0.1+ds1-1
4.0.1+ds1-2
4.0.1+ds1-3
4.0.3+ds1-1
4.1.0+ds2-1
4.1.0+ds2-2
4.1.1+ds1-1
4.1.1+ds1-2
4.2.0+ds1-1
4.2.0+ds1-2
4.2.0+ds1-3
4.3.1+ds1-1
4.3.1+ds1-2
4.3.1+ds1-3
4.3.1+ds1-4
4.3.1+ds1-5
4.3.1+ds1-6
4.3.1+ds1-7
4.3.1+ds1-8
4.4.0+ds1-1
4.5.0+ds2-1
4.5.1+ds1-1
4.5.1+ds1-2
4.6.2+ds1-1
4.6.2+ds1-2
4.6.2+ds1-3
4.6.2+ds1-4
4.7.1+ds4-1
4.7.1+ds4-2
4.7.1+ds4-3
4.7.1+ds4-4
4.7.1+ds4-5
4.7.2+ds1-1
4.7.2+ds1-2
4.8.3+ds1-1
4.8.3+ds1-2
4.9.0+ds1-1
4.9.0+ds1-2
4.9.2+ds1-1
4.9.2+ds1-2
4.9.3+ds1-1
4.9.4+ds1-1
4.9.5+ds1-1
5.*
5.0.0+ds1-1
5.0.2+ds1-1
5.0.2+ds1-2
5.0.2+ds1-3
5.0.3+ds1-1
5.0.3+ds1-2
5.0.3+ds1-3
5.0.3+ds1-4
5.0.3+ds1-5
5.2.0+ds1-1
5.2.0+ds1-2
5.2.0+ds1-3
5.2.0+ds1-4
5.2.0+ds1-5
5.2.1+ds1-1
5.2.1+ds1-2
5.2.1+ds1-3
5.2.1+ds1-4
5.2.2+ds1-1
5.2.2+ds1-2
Debian:12 / libpod
Package
- Name
- libpod
- Purl
- pkg:deb/debian/libpod?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
4.*
4.3.1+ds1-8
4.3.1+ds1-8+deb12u1
4.4.0+ds1-1
4.5.0+ds2-1
4.5.1+ds1-1
4.5.1+ds1-2
4.6.2+ds1-1
4.6.2+ds1-2
4.6.2+ds1-3
4.6.2+ds1-4
4.7.1+ds4-1
4.7.1+ds4-2
4.7.1+ds4-3
4.7.1+ds4-4
4.7.1+ds4-5
4.7.2+ds1-1
4.7.2+ds1-2
4.8.3+ds1-1
4.8.3+ds1-2
4.9.0+ds1-1
4.9.0+ds1-2
4.9.2+ds1-1
4.9.2+ds1-2
4.9.3+ds1-1
4.9.4+ds1-1
4.9.5+ds1-1
5.*
5.0.0+ds1-1
5.0.2+ds1-1
5.0.2+ds1-2
5.0.2+ds1-3
5.0.3+ds1-1
5.0.3+ds1-2
5.0.3+ds1-3
5.0.3+ds1-4
5.0.3+ds1-5
5.2.0+ds1-1
5.2.0+ds1-2
5.2.0+ds1-3
5.2.0+ds1-4
5.2.0+ds1-5
5.2.1+ds1-1
5.2.1+ds1-2
5.2.1+ds1-3
5.2.1+ds1-4
5.2.2+ds1-1
5.2.2+ds1-2
Debian:13 / podman
Package
- Name
- podman
- Purl
- pkg:deb/debian/podman?arch=source
Debian:14 / podman
Package
- Name
- podman
- Purl
- pkg:deb/debian/podman?arch=source