#VU117177 Missing initialization of resource in moby - CVE-2025-54410
Vulnerability identifier: #VU117177
Vulnerability risk: Low
CVSSv4.0: 0.1 [CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-909
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
moby
Server applications /
Virtualization software
Vendor: Moby project
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to Docker fails to re-create iptables rules that isolate bridge networks when firewalld reloads, allowing any container to access all ports on any other container across different bridge networks on the same host. This breaks network segmentation between containers that should be isolated, creating significant risk in multi-tenant environments. A local user can gain unauthorized access to sensitive information on the system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
moby: 0.0.3, 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.1.7, 0.1.8, 0.2.0, 0.2.1, 0.2.2, 0.3.0, 0.3.1, 0.3.2, 0.3.3, 0.3.4, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.4.5, 0.4.6, 0.4.7, 0.4.8, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.7.5, 0.7.6, 0.8.0, 0.8.1, 0.9.0, 0.9.1, 0.10.0, 0.11.0, 0.11.1, 0.12.0, 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.1.2, 1.2.0, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.4.0, 1.4.1, 1.5.0, 1.6.0, 1.6.1, 1.6.2, 1.7.0, 1.7.1, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.9.0, 1.9.1, 1.10.0, 1.10.1, 1.10.2, 1.10.3, 1.11.0, 1.11.1, 1.11.2, 1.12.0, 1.12.1, 1.12.2, 1.12.3, 1.12.4, 1.12.5, 1.12.6, 1.13.0, 1.13.1, 18.09.0, 18.09.1, 18.09.2, 18.09.3, 18.09.4, 18.09.5, 18.09.6, 18.09.7, 18.09.8, 18.09.9, 19.03.0, 19.03.1, 19.03.2, 19.03.3, 19.03.4, 19.03.5, 19.03.6, 19.03.7, 19.03.8, 19.03.9, 19.03.10, 19.03.11, 19.03.12, 19.03.13, 19.03.14, 19.03.15, 20.10.0, 20.10.1, 20.10.2, 20.10.3, 20.10.4, 20.10.5, 20.10.6, 20.10.7, 20.10.8, 20.10.9, 20.10.10, 20.10.11, 20.10.12, 20.10.13, 20.10.14, 20.10.15, 20.10.16, 20.10.17, 20.10.18, 20.10.19, 20.10.20, 20.10.21, 20.10.22, 20.10.23, 20.10.24, 20.10.25, 20.10.26, 20.10.27, 23.0.0, 23.0.1, 23.0.2, 23.0.3, 23.0.4, 23.0.5, 23.0.6, 23.0.7, 23.0.8, 23.0.9, 23.0.10, 23.0.11, 23.0.12, 23.0.13, 23.0.14, 23.0.15, 23.0.16, 23.0.17, 23.0.18, 24.0.0, 24.0.1, 24.0.2, 24.0.3, 24.0.4, 24.0.5, 24.0.6, 24.0.7, 24.0.8, 24.0.9, 25.0.0, 25.0.1, 25.0.2, 25.0.3, 25.0.4, 25.0.5, 25.0.6, 25.0.7, 25.0.8, 25.0.9, 25.0.10, 25.0.11, 25.0.12, 26.0.0, 26.0.0 rc1, 26.0.0 rc2, 26.0.0 rc3, 26.0.1, 26.0.2, 26.1.0, 26.1.1, 26.1.2, 26.1.3, 26.1.4, 26.1.5, 27.0.1, 27.0.2, 27.0.3, 27.1.0, 27.1.1, 27.1.2, 27.2.0, 27.2.1, 27.3.0, 27.3.1, 27.4.0, 27.4.1, 27.5.0, 27.5.1, 28.0.0
External links
https://firewalld.org/documentation/howto/reload-firewalld.html
https://github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
