CVEFinder.io

CVE-2025-8283

ℹī¸ low
Summary

A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be used as the hostname for the container itself, as the podman's search domain is not added anymore the container is using the host's resolv.conf, and the DNS resolver will try to look into the search domain

Description

A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be used as the hostname for the container itself, as the podman's search domain is not added anymore the container is using the host's resolv.conf, and the DNS resolver will try to look into the search domains contained on it. If one of the domains contain a name with the same hostname as the running container, the connection will forward to unexpected external servers.

CVSS Score
3.7
Low
EPSS Score
0.0
Exploit Probability
Published Date
2025-07-28
First Seen: 2026-01-05
Last Modified 2025-11-07
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE IDs (Weakness Types)
CWE-15

🔗 References 4

https://access.redhat.com/security/cve/CVE-2025-8283
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2383941
Issue Tracking
https://github.com/advisories/GHSA-rpcf-rmh6-42xr
https://github.com/containers/netavark/releases/tag/...

đŸ“Ļ Affected Products 4

Vendor Product Status Affected Versions
redhat enterprise_linux Affected
v10.0
redhat enterprise_linux Affected
v8.0
redhat enterprise_linux Affected
v9.0
redhat openshift_container_platform Affected
v4.0

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-14512 đŸ”ļ medium 6.5 0.1 A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer ov... 2025-12-11
CVE-2025-14087 đŸ”ļ medium 5.6 0.3 A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a... 2025-12-10
CVE-2025-9784 ⚠ī¸ high 7.5 0.4 A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering ab... 2025-09-02
CVE-2025-7519 đŸ”ļ medium 6.7 0.0 A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds wri... 2025-07-14
CVE-2025-32988 đŸ”ļ medium 6.5 0.1 A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the expo... 2025-07-10
CVE-2025-32989 đŸ”ļ medium 5.3 0.1 A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Cert... 2025-07-10
These CVEs affect the same products