CVE-2025-4953

high

Description

A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files accessible.

References

Advisories
More

https://access.redhat.com/errata/RHSA-2025:2703

https://access.redhat.com/errata/RHSA-2025:22265

https://access.redhat.com/errata/RHSA-2025:17669

https://access.redhat.com/errata/RHSA-2025:16729

https://access.redhat.com/errata/RHSA-2025:16724

https://access.redhat.com/errata/RHSA-2025:15904

https://access.redhat.com/errata/RHSA-2024:8690

https://github.com/containers/podman/pull/25173

https://bugzilla.redhat.com/show_bug.cgi?id=2367235

https://access.redhat.com/security/cve/CVE-2025-4953

Details

Source: Mitre, NVD

Published: 2025-09-16

Updated: 2025-12-03

Risk Information

CVSS v2

Base Score: 7.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:N

Severity: High

CVSS v3

Base Score: 7.4

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: High

EPSS

EPSS: 0.00031