CVE-2025-54410

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-54410
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-54410.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-54410
Aliases
Downstream
Published
2025-07-30T14:15:28Z
Modified
2025-07-31T20:51:07.195185Z
Summary
[none]
Details

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails to re-create iptables rules that isolate bridge networks, allowing any container to access all ports on any other container across different bridge networks on the same host. This breaks network segmentation between containers that should be isolated, creating significant risk in multi-tenant environments. Only containers in --internal networks remain protected. Workarounds include reloading firewalld and either restarting the docker daemon, re-creating bridge networks, or using rootless mode. Maintainers anticipate a fix for this issue in version 25.0.13.

References

Affected packages

Debian:11 / docker.io

Package

Name
docker.io
Purl
pkg:deb/debian/docker.io?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

20.*

20.10.5+dfsg1-1
20.10.5+dfsg1-1+deb11u1
20.10.5+dfsg1-1+deb11u2
20.10.5+dfsg1-1+deb11u3
20.10.5+dfsg1-1+deb11u4
20.10.8+dfsg1-1
20.10.8+dfsg1-2
20.10.10+dfsg1-1
20.10.11+dfsg1-1
20.10.11+dfsg1-2
20.10.14+dfsg1-1
20.10.17+dfsg1-1
20.10.19+dfsg1-1
20.10.21+dfsg1-1
20.10.22+dfsg1-1
20.10.22+dfsg1-2
20.10.23+dfsg1-1
20.10.24+dfsg1-1
20.10.25+dfsg1-1
20.10.25+dfsg1-2
20.10.25+dfsg1-3
20.10.25+dfsg1-4

26.*

26.1.4+dfsg1-1
26.1.4+dfsg1-2
26.1.4+dfsg1-3
26.1.4+dfsg1-4
26.1.4+dfsg1-5
26.1.4+dfsg1-6
26.1.4+dfsg1-7
26.1.4+dfsg1-8
26.1.4+dfsg1-9
26.1.4+dfsg2-1
26.1.4+dfsg3-1
26.1.5+dfsg1-1
26.1.5+dfsg1-2
26.1.5+dfsg1-3
26.1.5+dfsg1-4
26.1.5+dfsg1-5
26.1.5+dfsg1-6
26.1.5+dfsg1-7
26.1.5+dfsg1-8
26.1.5+dfsg1-9

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / docker.io

Package

Name
docker.io
Purl
pkg:deb/debian/docker.io?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

20.*

20.10.24+dfsg1-1
20.10.24+dfsg1-1+deb12u1
20.10.25+dfsg1-1
20.10.25+dfsg1-2
20.10.25+dfsg1-3
20.10.25+dfsg1-4

26.*

26.1.4+dfsg1-1
26.1.4+dfsg1-2
26.1.4+dfsg1-3
26.1.4+dfsg1-4
26.1.4+dfsg1-5
26.1.4+dfsg1-6
26.1.4+dfsg1-7
26.1.4+dfsg1-8
26.1.4+dfsg1-9
26.1.4+dfsg2-1
26.1.4+dfsg3-1
26.1.5+dfsg1-1
26.1.5+dfsg1-2
26.1.5+dfsg1-3
26.1.5+dfsg1-4
26.1.5+dfsg1-5
26.1.5+dfsg1-6
26.1.5+dfsg1-7
26.1.5+dfsg1-8
26.1.5+dfsg1-9

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / docker.io

Package

Name
docker.io
Purl
pkg:deb/debian/docker.io?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

26.*

26.1.5+dfsg1-9

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/moby/moby

Affected ranges

Type
GIT
Repo
https://github.com/moby/moby
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.0.3

Other

autorun/1

docs-v1.*

docs-v1.12.0-rc4-2016-07-15

upstream/0.*

upstream/0.1.1
upstream/0.1.2
upstream/0.1.3
upstream/0.1.4

v0.*

v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.10.0
v0.11.0
v0.11.1
v0.12.0
v0.2.0
v0.2.1
v0.2.2
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.3.4
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.4.6
v0.4.7
v0.4.8
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.6.0
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.6.5
v0.6.6
v0.6.7
v0.7.0
v0.7.0-rc5
v0.7.0-rc6
v0.7.1
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.8.0
v0.8.1
v0.9.0

v1.*

v1.0.0
v1.0.1
v1.1.0
v1.1.1
v1.1.2
v1.2.0
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.4.0
v1.4.1

v17.*

v17.12.0-ce-rc1

v18.*

v18.04.0-ce-rc1
v18.06.0-ce-rc1
v18.09.0-ce-tp0

v19.*

v19.03.0-beta1
v19.03.0-beta2
v19.03.0-beta3

v20.*

v20.10.0
v20.10.0-beta1
v20.10.0-rc1
v20.10.0-rc2
v20.10.1
v20.10.2

v22.*

v22.06.0-beta.0

v24.*

v24.0.0-beta.1
v24.0.0-beta.2
v24.0.0-rc.1
v24.0.0-rc.2

v25.*

v25.0.0
v25.0.0-beta.1
v25.0.0-beta.2
v25.0.0-beta.3
v25.0.0-rc.1
v25.0.0-rc.2
v25.0.0-rc.3

v26.*

v26.0.0
v26.0.0-rc1
v26.0.0-rc2
v26.0.0-rc3
v26.1.0

v27.*

v27.0.0-rc.1
v27.0.0-rc.2
v27.0.1
v27.0.1-rc.1

v28.*

v28.0.0-rc.1
v28.0.0-rc.2
v28.0.0-rc.3