We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-54410

Moby's Firewalld reload removes bridge network isolation



Description

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails to re-create iptables rules that isolate bridge networks, allowing any container to access all ports on any other container across different bridge networks on the same host. This breaks network segmentation between containers that should be isolated, creating significant risk in multi-tenant environments. Only containers in --internal networks remain protected. Workarounds include reloading firewalld and either restarting the docker daemon, re-creating bridge networks, or using rootless mode. Maintainers anticipate a fix for this issue in version 25.0.13.

Reserved 2025-07-21 | Published 2025-07-30 | Updated 2025-07-30 | Assigner GitHub_M


LOW: 3.3CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

Problem types

CWE-909: Missing Initialization of Resource

Product status

<= 25.0.12
affected

References

github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp

firewalld.org/documentation/howto/reload-firewalld.html

cve.org (CVE-2025-54410)

nvd.nist.gov (CVE-2025-54410)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-54410

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.