SecuriTricks - CVE-2025-8283

Description

A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be used as the hostname for the container itself, as the podman's search domain is not added anymore the container is using the host's resolv.conf, and the DNS resolver will try to look into the search domains contained on it. If one of the domains contain a name with the same hostname as the running container, the connection will forward to unexpected external servers.

Product(s) Impacted

Vendor	Product	Versions
Redhat	Netavark Podman	* *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-15

External Control of System or Configuration Setting

One or more system settings or configuration elements can be externally controlled by a user.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	redhat	netavark	/	/	/	/	/	/	/	/
a	redhat	podman	/	/	/	/	/	/	/	/

References

https://access.redhat.com/security/cve/CVE-2025-8283

https://bugzilla.redhat.com/show_bug.cgi?id=2383941

CVSS Score

3.7 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

View Vector String

Timeline

Published: July 28, 2025, 7:15 p.m.
Last Modified: July 29, 2025, 2:14 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

secalert@redhat.com

CVE-2025-8283