VulnerableCode Package Details - pkg:rpm/redhat/podman@6:5.4.0-12?arch=el10

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/podman@6:5.4.0-12?arch=el10_0

purl	pkg:rpm/redhat/podman@6:5.4.0-12?arch=el10_0

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-tuub-p4f4-nqer Aliases: CVE-2025-6032 GHSA-65gg-3w2w-hr4h	Podman Improper Certificate Validation; machine missing TLS verification ### Impact The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry (which it does by default since 5.0.0) allowing a possible Man In The Middle attack. ### Patches https://github.com/containers/podman/commit/726b506acc8a00d99f1a3a1357ecf619a1f798c3 Fixed in v5.5.2 ### Workarounds Download the disk image manually via some other tool that verifies the TLS connection. Then pass the local image as file path (podman machine init --image ./somepath)	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:39:06.674027+00:00	RedHat Importer	Affected by	VCID-tuub-p4f4-nqer	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6032.json	38.0.0