CVE-2025-8283
3.7 LOW
A vulnerability was found in the netavark package, a network stack for containers used with Podman
Published: 2025-07-28 · Last updated: 2026-05-19
Severity and scoring
- CVSS: 3.7 LOW
- Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
- CWE: CWE-15
Affected products
| Vendor | Product |
|---|---|
| redhat | enterprise_linux, openshift_container_platform |
Description
A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to the dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be used as the hostname for the container itself. As Podman's search domain is no longer added, the container uses the host's resolv.conf, and the DNS resolver will try to look into the search domains contained in it. If one of the domains contains a name with the same hostname as the running container, the connection will be forwarded to unexpected external servers.
Source: NVD
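The search-list behaviour described above can be checked offline. The following is an added example, not netavark or Podman code: it assumes a glibc-style stub resolver (search list tried first when the name has fewer dots than `ndots`), and the function names and sample resolv.conf contents are constructed for illustration.

```python
import re

PODMAN_DOMAIN = "dns.podman"  # search domain named in the description above

# Constructed sample resolv.conf contents (not taken from a real host).
HOST_RESOLV = "# host file\nsearch corp.example lab.example\nnameserver 192.0.2.53\n"
PODMAN_RESOLV = "search dns.podman corp.example\nnameserver 10.89.0.1\n"

def parse_resolv_conf(text):
    """Return (search_domains, ndots) from resolv.conf content."""
    search, ndots = [], 1
    for raw in text.splitlines():
        fields = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if not fields:
            continue
        if fields[0] in ("search", "domain"):  # the last such line wins
            search = [d.rstrip(".").lower() for d in fields[1:]]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots

def candidate_queries(name, search, ndots=1):
    """Names tried, in order, by the assumed stub-resolver model."""
    if name.endswith("."):
        return [name.rstrip(".").lower()]  # absolute name: no search list
    name = name.lower()
    expanded = [f"{name}.{d}" for d in search]
    return [name] + expanded if name.count(".") >= ndots else expanded + [name]

def shadow_candidates(name, search, ndots=1):
    """Search-expanded names tried before dns.podman or the literal name."""
    literal, ahead = name.rstrip(".").lower(), []
    for query in candidate_queries(name, search, ndots):
        if query == literal or query.endswith("." + PODMAN_DOMAIN):
            break
        ahead.append(query)
    return ahead

def audit(container_names, resolv_text):
    """Map container names to the external names that should not resolve."""
    search, ndots = parse_resolv_conf(resolv_text)
    found = {n: shadow_candidates(n, search, ndots) for n in container_names}
    return {n: names for n, names in found.items() if names}
```

Each name `audit` returns is one to confirm has no A/AAAA record in the listed search domain, or to eliminate by renaming the container or restoring the dns.podman search entry.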
References
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-8283
- Vendor advisory: https://access.redhat.com/security/cve/CVE-2025-8283
- Other: https://bugzilla.redhat.com/show_bug.cgi?id=2383941
- Other: https://github.com/advisories/GHSA-rpcf-rmh6-42xr
- Other: https://github.com/containers/netavark/releases/tag/v1.15.1
- Other: https://github.com/containers/podman/issues/2619