CVE-2025-54410
LOWDescription
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails to re-create iptables rules that isolate bridge networks, allowing any container to access all ports on any other container across different bridge networks on the same host. This breaks network segmentation between containers that should be isolated, creating significant risk in multi-tenant environments. Only containers in --internal networks remain protected. Workarounds include reloading firewalld and either restarting the docker daemon, re-creating bridge networks, or using rootless mode. Maintainers anticipate a fix for this issue in version 25.0.13.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| mobyproject | moby |
References
Frequently Asked Questions
What is CVE-2025-54410? +
How severe is CVE-2025-54410? +
What products are affected by CVE-2025-54410? +
How do I check if I'm vulnerable to CVE-2025-54410? +
Related Vulnerabilities
ESPTouch is a connection protocol for internet of things devices. In the ESPTouchV2 protocol, while there is an option to …
The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Malicious software running in a …
In the Linux kernel, the following vulnerability has been resolved: vhost/vsock: always initialize seqpacket_allow There are two issues around seqpacket_allow: …
ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file
PAD CMS improperly initializes parameter used for password recovery, which allows to change password for any user that did not …
In the Linux kernel, the following vulnerability has been resolved: wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() The simple_write_to_buffer() …