CVE-2025-54410
BaseFortify
Publication date: 2025-07-30
Last updated on: 2025-08-22
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mobyproject | moby | up to 25.0.13 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-909 | The product does not initialize a critical resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Moby, an open source container framework. When firewalld reloads, Docker fails to re-create iptables rules that isolate bridge networks. As a result, any container can access all ports on any other container across different bridge networks on the same host, breaking network segmentation between containers that should be isolated. Only containers in --internal networks remain protected.
How can this vulnerability impact me?
The vulnerability allows containers to bypass network isolation, enabling any container to access all ports on other containers across different bridge networks on the same host. This creates a significant security risk, especially in multi-tenant environments, as it can lead to unauthorized access and potential compromise of containerized applications.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include reloading firewalld and then either restarting the Docker daemon, re-creating the bridge networks, or using rootless mode for Docker containers. These workarounds help restore network segmentation between containers until a fix is released in version 25.0.13.
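
A check to run after a firewalld reload, or after applying one of the workarounds above, to confirm that the bridge isolation rules are present again. This is an added example, not code from Moby or from this advisory. It assumes the DOCKER-ISOLATION-STAGE-1/2 rule layout used by the Docker 25.0.x line; the function name, bridge names and rule dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Docker's code): list bridges whose inter-network
# isolation rules are absent from an `iptables -S` dump.
# Assumed rule layout (Docker 25.0.x filter table):
#   -A DOCKER-ISOLATION-STAGE-1 -i BR ! -o BR -j DOCKER-ISOLATION-STAGE-2
#   -A DOCKER-ISOLATION-STAGE-2 -o BR -j DROP

# missing_isolation RULES BRIDGE...  -> prints one unprotected bridge per line
missing_isolation() {
    rules=$1
    shift
    for br in "$@"; do
        s1="-A DOCKER-ISOLATION-STAGE-1 -i $br ! -o $br -j DOCKER-ISOLATION-STAGE-2"
        s2="-A DOCKER-ISOLATION-STAGE-2 -o $br -j DROP"
        # Both rules must be present as exact lines; otherwise report the bridge.
        if printf '%s\n' "$rules" | grep -qxF -e "$s1" &&
           printf '%s\n' "$rules" | grep -qxF -e "$s2"; then
            continue
        fi
        printf '%s\n' "$br"
    done
}

# Constructed sample: healthy state with two bridges (names are made up).
SAMPLE_OK='-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-0123456789ab ! -o br-0123456789ab -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-0123456789ab -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN'

# Constructed sample: the same host with the per-bridge rules not re-created.
SAMPLE_RELOADED='-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -j RETURN'

# Live use (as root): sh check.sh docker0 br-...   exits 1 if any bridge is listed.
if [ "$#" -gt 0 ]; then
    out=$(missing_isolation "$(iptables -S)" "$@")
    [ -z "$out" ] || { printf 'isolation rules missing for:\n%s\n' "$out"; exit 1; }
fi
```

Pass only the bridge interfaces of non-internal networks; the advisory text above states that --internal networks are not affected.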