CVE-2025-8283
LOWDescription
A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be used as the hostname for the container itself, as the podman's search domain is not added anymore the container is using the host's resolv.conf, and the DNS resolver will try to look into the search domains contained on it. If one of the domains contain a name with the same hostname as the running container, the connection will forward to unexpected external servers.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| redhat | openshift_container_platform |
| redhat | enterprise_linux |
| redhat | enterprise_linux |
| redhat | enterprise_linux |
References
Frequently Asked Questions
What is CVE-2025-8283? +
How severe is CVE-2025-8283? +
What products are affected by CVE-2025-8283? +
How do I check if I'm vulnerable to CVE-2025-8283? +
Related Vulnerabilities
HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version …
Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system.
Via the GUI of the "bestinformed Infoclient", a low-privileged user is by default able to change the server address of …
Socket Firewall is an HTTP/HTTPS proxy server that intercepts package manager requests and enforces security policies by blocking dangerous packages. …
Post-authenticated external control of system web interface configuration setting vulnerability in Danfoss AK-SM8xxA Series prior to 4.3.1, which could allow …
For TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F, an attacker can impersonate a ground station …