CVE-2025-59054

CVSS v4.0

8.5

Vector

AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions dstack versions prior to 0.5.4

Description dstack is a software development kit (SDK) designed to simplify the deployment of containerized applications into trusted execution environments. In versions prior to 0.5.4, a malicious host can provide a specially crafted LUKS2 data volume to a dstack CVM for use as the

/data

mount. This allows the guest to open the volume and write secret data using a volume key known to the attacker, potentially leading to the disclosure of sensitive information such as Wireguard keys. The attacker can also pre-load data onto the device, which could compromise guest execution. The issue stems from the fact that LUKS2 volume metadata is not authenticated and supports null key-encryption algorithms, enabling an attacker to create a volume that opens without error, records all writes in plaintext or with an attacker-known key, and contains arbitrary data chosen by the attacker.

Recommendations Update dstack to version 0.5.4 or later.

Fix

Files Accessible to External Parties

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-552

Related Identifiers

CVE-2025-59054

GHSA-JXQ2-HPW3-M5WF

Affected Products

Dstack

CVE-2025-59054

Weakness Enumeration

Related Identifiers

Affected Products

References · 15