The podman kube play command can overwrite host files when the kube file contains a ConfigMap or Secret volume mount and the volume already contains a symlink to a host file. This allows a malicious container to write to arbitrary files on the host, but the attacker controls only the target path, not the contents that will be written to the file. The contents are defined in the YAML file by the end user.
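The symlink-following write described above, next to one way to refuse it, as an added Go illustration (not podman's code and not its actual fix). The function names, the temp-directory layout and the key app.cfg are constructed for the example.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
	"syscall"
)

// writeFollowing is the flawed pattern: a symlink at volDir/key is resolved.
func writeFollowing(volDir, key string, data []byte) error {
	return os.WriteFile(filepath.Join(volDir, key), data, 0o644)
}

// writeNoFollow fails with ELOOP if volDir/key is a symlink. O_NOFOLLOW only
// guards the final path component, so key must be a bare file name.
func writeNoFollow(volDir, key string, data []byte) error {
	if strings.ContainsRune(key, '/') {
		return fmt.Errorf("invalid key %q", key)
	}
	f, err := os.OpenFile(filepath.Join(volDir, key),
		os.O_WRONLY|os.O_CREATE|os.O_TRUNC|syscall.O_NOFOLLOW, 0o644)
	if err != nil {
		return err
	}
	defer f.Close()
	_, err = f.Write(data)
	return err
}

// demo uses a constructed temp tree: host.conf stands in for a host file.
func demo() (afterNaive, afterSafe string, safeErr error) {
	root, _ := os.MkdirTemp("", "kubeplay-demo")
	defer os.RemoveAll(root)
	host, vol := filepath.Join(root, "host.conf"), filepath.Join(root, "volume")
	os.Mkdir(vol, 0o755)
	os.WriteFile(host, []byte("original"), 0o644)
	os.Symlink(host, filepath.Join(vol, "app.cfg")) // pre-planted link
	writeFollowing(vol, "app.cfg", []byte("from-yaml"))
	b, _ := os.ReadFile(host)
	afterNaive = string(b)
	os.WriteFile(host, []byte("original"), 0o644) // reset before second run
	safeErr = writeNoFollow(vol, "app.cfg", []byte("from-yaml"))
	b, _ = os.ReadFile(host)
	return afterNaive, string(b), safeErr
}

func main() { fmt.Println(demo()) }
```

The first writer leaves the stand-in host file holding the YAML-defined contents; the second returns an error and leaves it untouched.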
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2025:15901 https://access.redhat.com/errata/RHSA-2025:15901
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:15900 https://access.redhat.com/errata/RHSA-2025:15900
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:15904 https://access.redhat.com/errata/RHSA-2025:15904
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2025:16480 https://access.redhat.com/errata/RHSA-2025:16480
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2025:16481 https://access.redhat.com/errata/RHSA-2025:16481
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions; Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2025:16482 https://access.redhat.com/errata/RHSA-2025:16482
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2025:16488 https://access.redhat.com/errata/RHSA-2025:16488
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions; Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2025:16515 https://access.redhat.com/errata/RHSA-2025:16515
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.17 Via RHSA-2025:18218 https://access.redhat.com/errata/RHSA-2025:18218
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.19 Via RHSA-2025:18217 https://access.redhat.com/errata/RHSA-2025:18217
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2025:18240 https://access.redhat.com/errata/RHSA-2025:18240
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.18 Via RHSA-2025:19046 https://access.redhat.com/errata/RHSA-2025:19046
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.20 Via RHSA-2025:19002 https://access.redhat.com/errata/RHSA-2025:19002
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2025:19041 https://access.redhat.com/errata/RHSA-2025:19041
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:20909 https://access.redhat.com/errata/RHSA-2025:20909
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2025:20983 https://access.redhat.com/errata/RHSA-2025:20983
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2025:19894 https://access.redhat.com/errata/RHSA-2025:19894