CVE-2019-25067

Publication date 9 June 2022

Last updated 11 July 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

6.3 · Medium

Score breakdown

Description

A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-143949 was assigned to this vulnerability.

Read the notes from the security team

Status

Package Ubuntu Release Status
libpod 25.10 questing Not in release
25.04 plucky Not in release
24.10 oracular Ignored end of life, was needs-triage
24.04 LTS noble
Needs evaluation
23.10 mantic Ignored end of life, was needs-triage
23.04 lunar Ignored end of life, was needs-triage
22.10 kinetic Ignored end of life, was needs-triage
22.04 LTS jammy
Needs evaluation
21.10 impish Ignored end of life

Notes

eslerm

CVE possibly assigned based on entry in exploit-db possibly duplicates CVE-2019-10152 and other CVEs

Severity score breakdown

Parameter Value
Base score 6.3 · Medium
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality Low
Integrity impact Low
Availability impact Low
Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

References

Other references