DEBIAN-CVE-2025-4953

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2025-4953
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-4953.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-4953
Upstream
Published
2025-09-16T15:15:45.313Z
Modified
2025-11-20T10:18:23.964255Z
Severity
  • 7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files accessible.

References

Affected packages

Debian:11 / libpod

Package

Name
libpod
Purl
pkg:deb/debian/libpod?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0.1+dfsg1-3
3.0.1+dfsg1-3+deb11u1
3.0.1+dfsg1-3+deb11u2
3.0.1+dfsg1-3+deb11u3
3.0.1+dfsg1-3+deb11u4
3.0.1+dfsg1-3+deb11u5
3.1.0+ds1-1
3.1.2+ds1-1
3.2.0+ds5-1
3.2.0+ds5-2
3.2.1+ds1-1
3.2.1+ds1-2
3.2.2+ds1-1
3.2.3+ds1-1
3.3.0+ds2-1
3.3.0+ds2-2
3.3.1+ds2-1
3.4.0+ds1-1
3.4.1+ds1-1
3.4.1+ds1-2
3.4.2+ds1-1
3.4.3+ds1-1
3.4.4+ds1-1
3.4.6+ds1-1
3.4.7+ds1-1
3.4.7+ds1-2
3.4.7+ds1-3

4.*

4.0.0~rc5+ds1-1
4.0.1+ds1-1
4.0.1+ds1-2
4.0.1+ds1-3
4.0.3+ds1-1
4.1.0+ds2-1
4.1.0+ds2-2
4.1.1+ds1-1
4.1.1+ds1-2
4.2.0+ds1-1
4.2.0+ds1-2
4.2.0+ds1-3
4.3.1+ds1-1
4.3.1+ds1-2
4.3.1+ds1-3
4.3.1+ds1-4
4.3.1+ds1-5
4.3.1+ds1-6
4.3.1+ds1-7
4.3.1+ds1-8
4.4.0+ds1-1
4.5.0+ds2-1
4.5.1+ds1-1
4.5.1+ds1-2
4.6.2+ds1-1
4.6.2+ds1-2
4.6.2+ds1-3
4.6.2+ds1-4
4.7.1+ds4-1
4.7.1+ds4-2
4.7.1+ds4-3
4.7.1+ds4-4
4.7.1+ds4-5
4.7.2+ds1-1
4.7.2+ds1-2
4.8.3+ds1-1
4.8.3+ds1-2
4.9.0+ds1-1
4.9.0+ds1-2
4.9.2+ds1-1
4.9.2+ds1-2
4.9.3+ds1-1
4.9.4+ds1-1
4.9.5+ds1-1

5.*

5.0.0+ds1-1
5.0.2+ds1-1
5.0.2+ds1-2
5.0.2+ds1-3
5.0.3+ds1-1
5.0.3+ds1-2
5.0.3+ds1-3
5.0.3+ds1-4
5.0.3+ds1-5
5.2.0+ds1-1
5.2.0+ds1-2
5.2.0+ds1-3
5.2.0+ds1-4
5.2.0+ds1-5
5.2.1+ds1-1
5.2.1+ds1-2
5.2.1+ds1-3
5.2.1+ds1-4
5.2.2+ds1-1
5.2.2+ds1-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / libpod

Package

Name
libpod
Purl
pkg:deb/debian/libpod?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.3.1+ds1-8
4.3.1+ds1-8+deb12u1
4.4.0+ds1-1
4.5.0+ds2-1
4.5.1+ds1-1
4.5.1+ds1-2
4.6.2+ds1-1
4.6.2+ds1-2
4.6.2+ds1-3
4.6.2+ds1-4
4.7.1+ds4-1
4.7.1+ds4-2
4.7.1+ds4-3
4.7.1+ds4-4
4.7.1+ds4-5
4.7.2+ds1-1
4.7.2+ds1-2
4.8.3+ds1-1
4.8.3+ds1-2
4.9.0+ds1-1
4.9.0+ds1-2
4.9.2+ds1-1
4.9.2+ds1-2
4.9.3+ds1-1
4.9.4+ds1-1
4.9.5+ds1-1

5.*

5.0.0+ds1-1
5.0.2+ds1-1
5.0.2+ds1-2
5.0.2+ds1-3
5.0.3+ds1-1
5.0.3+ds1-2
5.0.3+ds1-3
5.0.3+ds1-4
5.0.3+ds1-5
5.2.0+ds1-1
5.2.0+ds1-2
5.2.0+ds1-3
5.2.0+ds1-4
5.2.0+ds1-5
5.2.1+ds1-1
5.2.1+ds1-2
5.2.1+ds1-3
5.2.1+ds1-4
5.2.2+ds1-1
5.2.2+ds1-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / podman

Package

Name
podman
Purl
pkg:deb/debian/podman?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.4.2+ds1-2
5.6.1+ds1-1
5.6.1+ds1-2
5.6.1+ds2-2
5.6.1+ds2-3
5.6.2+ds1-1
5.6.2+ds1-2
5.6.2+ds1-3
5.6.2+ds1-3+exp1
5.6.2+ds1-4

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / podman

Package

Name
podman
Purl
pkg:deb/debian/podman?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.4.2+ds1-2
5.6.1+ds1-1
5.6.1+ds1-2
5.6.1+ds2-2
5.6.1+ds2-3
5.6.2+ds1-1
5.6.2+ds1-2
5.6.2+ds1-3
5.6.2+ds1-3+exp1
5.6.2+ds1-4

Ecosystem specific 

{
    "urgency": "not yet assigned"
}