Missing initialization of resource in moby - CVE-2025-54410
Published: October 15, 2025
Vulnerability identifier: #VU117177
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-54410
CWE-ID: CWE-909
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Moby project
Affected software:
moby
moby
Detailed vulnerability description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to Docker fails to re-create iptables rules that isolate bridge networks when firewalld reloads, allowing any container to access all ports on any other container across different bridge networks on the same host. This breaks network segmentation between containers that should be isolated, creating significant risk in multi-tenant environments. A local user can gain unauthorized access to sensitive information on the system.
How to mitigate CVE-2025-54410
Install updates from vendor's website.