Podman, Insecure Temporary File, CVE-2025-XXXX (High)

Listen to this Post

The vulnerability exists within the `podman build` command’s handling of the `RUN –mount=type=bind` instruction. During the image build process, a temporary directory is created on the host to serve as the build context. When a bind mount is used within a RUN instruction, any files created or modified by that command within the mounted directory are not properly isolated. Instead of being discarded or contained solely within the temporary container’s filesystem, these changes are inadvertently committed back to the host’s temporary build context directory. This flaw occurs due to incorrect handling of file system layers and mount propagation, leaving sensitive files, which should be ephemeral, with insecure permissions on the host machine, accessible to other users and processes.
Platform: Podman
Version: Up to 4.x
Vulnerability: Insecure Permissions
Severity: High

date: 2025-09-16

Prediction: Patch by 2025-10-14

What Undercode Say:

`podman build -f Containerfile .`

`ls -la /tmp/podman-build-/`

`cat /tmp/podman-build-xyz789/mounted-data/secret.key`

How Exploit:

Attacker crafts a malicious Containerfile with a RUN instruction that uses a bind mount to write a file during build. The resulting file is not discarded and remains on the host in the temporary directory, which may have overly permissive permissions, allowing unauthorized read access.

Protection from this CVE:

Update Podman.

Audit build hosts.

Secure /tmp directories.

Impact:

Information Disclosure

Local Privilege Escalation

Host Filesystem Contamination

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top