PT-2025-31368 · Docker+3 · Moby+4

Vvoland · Published 2025-07-24 · Updated 2026-01-23 · CVE-2025-54388

CVSS v4.0: 5.1 (Medium)

Vector: AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions

Moby versions 28.2.0 through 28.3.2

Description

Moby is an open source container framework developed by Docker Inc. When the firewalld service is reloaded, it removes all iptables rules, including those created by Docker. In affected versions, Docker fails to recreate the specific rules that block external access to containers. This allows remote machines with network routing to the Docker bridge to access containers with ports published to localhost, even though they should only be accessible from the host. The vulnerability only affects explicitly published ports; unpublished ports remain protected.

Recommendations

Moby versions 28.2.0 through 28.3.2: Upgrade to version 28.3.3 or later.
As a workaround, restart the docker daemon after reloading firewalld.
As a workaround, re-create bridge networks after reloading firewalld.
As a workaround, use rootless mode.
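
A triage check for the condition described above, added here as an example and not taken from the advisory or from the Moby project: it tests whether an engine version falls in the affected range and lists the containers whose ports are published to a loopback address, which are the ones that lose their protection after a firewalld reload. The function names and the sample listing are constructed, and the port-string layout is assumed to match `docker ps` output.

```shell
#!/bin/sh
# Added triage example for CVE-2025-54388; not code from the advisory or from Moby.

# Exit 0 if the engine version is in the advisory's affected range
# (28.2.0 through 28.3.2), 1 if it is not, 2 if it cannot be parsed.
# Build suffixes are ignored, so a pre-release of an affected version is flagged.
is_affected_version() {
  printf '%s\n' "$1" | awk '{
    sub(/^v/, ""); sub(/[-+~].*/, "")        # "v28.3.2-1" -> "28.3.2"
    if ($0 !~ /^[0-9]+\.[0-9]+\.[0-9]+$/) exit 2
    split($0, p, ".")
    if (p[1] == 28 && (p[2] == 2 || (p[2] == 3 && p[3] <= 2))) exit 0
    exit 1
  }'
}

# stdin: "name<TAB>ports" lines; stdout: "name<TAB>mapping" for every mapping
# bound to a loopback address (127.0.0.0/8 or ::1). Assumed layout of one
# mapping: "127.0.0.1:8080->80/tcp", with mappings separated by ", ".
loopback_published() {
  awk -F '\t' '{
    n = split($2, m, /, */)
    for (i = 1; i <= n; i++)
      if (m[i] ~ /^(127\.[0-9.]+|\[::1\]|::1):[0-9-]+->/) print $1 "\t" m[i]
  }'
}

# Constructed sample listing (not real output). On a host, the inputs would be:
#   docker version --format '{{.Server.Version}}'
#   docker ps --format '{{.Names}}\t{{.Ports}}'
SAMPLE=$(printf '%s\t%s\n' \
  db   '127.0.0.1:5432->5432/tcp' \
  web  '0.0.0.0:8080->80/tcp, [::]:8080->80/tcp' \
  mix  '127.0.0.1:9000-9001->9000-9001/tcp, 0.0.0.0:443->443/tcp' \
  idle '6379/tcp')

# Report loopback-only ports only when the engine version is affected.
if is_affected_version "28.3.1"; then
  printf '%s\n' "$SAMPLE" | loopback_published
fi
```

Containers it lists on an affected engine are the ones to re-check after any firewalld reload until the daemon is upgraded or restarted.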

Related Identifiers

BDU:2025-09391
CVE-2025-54388
ECHO-6E85-3218-225E
GHSA-X4RX-4GW3-53P4
GO-2025-3830
OPENSUSE-SU-2025:15395-1
OPENSUSE-SU-2025:15434-1
OPENSUSE-SU-2026:20057-1
SUSE-SU-2025:02912-1
SUSE-SU-2025:02913-1
SUSE-SU-2025:02914-1
SUSE-SU-2025:20565-1
SUSE-SU-2025:20743-1
SUSE-SU-2025_02913-1
SUSE-SU-2025_02914-1
SUSE-SU-2026:20095-1
SUSE-SU-2026:20112-1

Affected Products

Debian
Docker
Moby
RED OS
SUSE