Container Access Vulnerability in Docker Engine Affecting Moby Framework
CVE-2025-54388
Currently unrated
What is CVE-2025-54388?
A configuration flaw in Docker Engine versions 28.2.0 to 28.3.2 allows external access to containers because iptables rules are removed when the firewalld service is reloaded. This defeats the intended protection: ports published to localhost become accessible from remote machines, exposing sensitive containers. The problem affects only explicitly published ports; unpublished ports remain protected. Users are advised to upgrade to version 28.3.3 or later to mitigate this vulnerability.
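A triage helper for the condition described above, as an added example that is not part of the advisory or of Docker's code: it checks an engine version against the stated affected range and lists the ports a host publishes on loopback addresses. The function names and the sample `docker ps` lines are constructed for illustration, and the `[::1]` form for IPv6 loopback is an assumption about how the Ports column is printed.

```shell
# Added example, not Docker's code. Function names are hypothetical.
# Exit 0 if the version is in the range the advisory gives (28.2.0 to 28.3.2),
# 1 if it is outside that range, 2 if it is not MAJOR.MINOR.PATCH.
is_affected_version() {
  v=${1#v}
  v=${v%%[-+]*}          # pre-release/build suffixes are ignored (conservative)
  case $v in
    *[!0-9.]*|*.*.*.*) return 2 ;;
    [0-9]*.[0-9]*.[0-9]*) ;;
    *) return 2 ;;
  esac
  major=${v%%.*}; rest=${v#*.}; minor=${rest%%.*}; patch=${rest#*.}
  [ "$major" -eq 28 ] || return 1
  [ "$minor" -eq 2 ] && return 0
  [ "$minor" -eq 3 ] && [ "$patch" -le 2 ]
}

# stdin: "name<TAB>ports" lines as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# stdout: one "name<TAB>mapping" line per port published on a loopback address.
loopback_published() {
  awk -F'\t' '{
    n = split($2, maps, /, */)
    for (i = 1; i <= n; i++)
      if (maps[i] ~ /^(127\.[0-9.]+|\[::1\]):[0-9-]+->/)
        print $1 "\t" maps[i]
  }'
}

# $1 = engine version (docker version --format '{{.Server.Version}}')
assess() {
  rc=0; is_affected_version "$1" || rc=$?
  case $rc in
    0) echo "engine $1: affected, upgrade to 28.3.3 or later; localhost-only ports:"
       loopback_published ;;
    1) echo "engine $1: outside the affected range" ;;
    *) echo "engine $1: version not recognised, check manually" ;;
  esac
}

# Constructed sample of docker ps output, so the script runs without a daemon.
sample_ps() {
  printf 'db\t127.0.0.1:5432->5432/tcp\n'
  printf 'web\t0.0.0.0:443->443/tcp, [::]:443->443/tcp\n'
  printf 'admin\t127.0.0.1:9000->9000/tcp, 0.0.0.0:8080->80/tcp\n'
  printf 'cache\t6379/tcp\n'
}
sample_ps | assess 28.3.1
```

On a real host, replace the last line with the two `docker` commands named in the comments. The listed ports matter only where firewalld is in use, since the advisory ties the exposure to a firewalld reload.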