CVE-2025-54410

EPSS 0.01%
Veröffentlicht 30.07.2025 13:24:50
Zuletzt bearbeitet 22.08.2025 17:27:29
Quelle security-advisories@github.com
Teams Watchlist Login
Unerledigt Login

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails to re-create iptables rules that isolate bridge networks, allowing any container to access all ports on any other container across different bridge networks on the same host. This breaks network segmentation between containers that should be isolated, creating significant risk in multi-tenant environments. Only containers in --internal networks remain protected.
Workarounds include reloading firewalld and either restarting the docker daemon, re-creating bridge networks, or using rootless mode. Maintainers anticipate a fix for this issue in version 25.0.13.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mobyproject ≫ Moby Version < 25.0.13

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.002

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.2	2	2.7	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
security-advisories@github.com	3.3	0.8	2.5	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

CWE-909 Missing Initialization of Resource

The product does not initialize a critical resource.

https://github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp

Third Party Advisory

https://firewalld.org/documentation/howto/reload-firewalld.html

Product

https://nvd.nist.gov/vuln/detail/CVE-2025-54410

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-54410

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-54410

EUVD