CVE-2025-8283 LOW

CVE-2025-8283: Netavark: podman: netavark may resolve hostnames to unexpected hosts

Vendor Red Hat
Product Red Hat Enterprise Linux 10
Weakness CWE-15
Published July 28, 2025
Last update May 19, 2026

CVSS base score

3.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

A vulnerability was found in the netavark package, a network stack for containers used with Podman. Because the dns.podman search domain was removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When a container is created with a given name, that name is used as the hostname of the container itself. Because Podman's search domain is no longer added, the container uses the host's resolv.conf, and the DNS resolver tries the search domains listed in it. If one of those domains contains a name matching the hostname of the running container, the connection will be forwarded to unexpected external servers.
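The search-list behaviour described above can be checked against a given resolv.conf. The following is an added example, not netavark or Podman code: it assumes a simplified glibc-style stub resolver (search list plus `ndots`), and the domains, container names and helper names are constructed for illustration.

```python
# Added illustration, not netavark or Podman code. Simplified model of
# glibc-style search-list handling; all domains below are constructed.
INTERNAL = ("dns.podman",)

def parse_resolv_conf(text):
    """Return (search_domains, ndots) from resolv.conf text."""
    search, ndots = [], 1                      # resolver default: ndots:1
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":
            continue
        if fields[0] in ("search", "domain"):  # the last directive wins
            search = [d.rstrip(".").lower() for d in fields[1:]]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots

def candidate_queries(name, search, ndots):
    """Names the stub resolver tries, in order, until one returns an answer."""
    name = name.lower()
    if name.endswith("."):                     # absolute name: no expansion
        return [name.rstrip(".")]
    expanded = [f"{name}.{d}" for d in search]
    if name.count(".") >= ndots:
        return [name] + expanded
    return expanded + [name]

def is_internal(fqdn):
    return any(fqdn == s or fqdn.endswith("." + s) for s in INTERNAL)

def audit(container_names, resolv_text):
    """Map each container name to the external names queried before any internal one."""
    search, ndots = parse_resolv_conf(resolv_text)
    report = {}
    for name in container_names:
        external = []
        for q in candidate_queries(name, search, ndots):
            if is_internal(q):
                break
            if "." in q:                       # a bare label belongs to no domain
                external.append(q)
        report[name] = external
    return report

HOST_RESOLV = "search corp.example lab.example\nnameserver 192.0.2.53\n"
WITH_PODMAN = "search dns.podman corp.example lab.example\nnameserver 192.0.2.53\n"

if __name__ == "__main__":
    for label, conf in (("host search list", HOST_RESOLV), ("dns.podman first", WITH_PODMAN)):
        print(label, audit(["db", "web"], conf))
```

A non-empty list for a container name means that name is looked up in the host's search domains first, so a matching record there is what the container would reach.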

Key dates

02 Disclosure timeline

July 28, 2025 CVE published
May 19, 2026 Record updated