Container Network Segmentation Vulnerability in Moby by Docker Inc.
CVE-2025-54410
What is CVE-2025-54410?
A significant vulnerability has been identified in Moby, the open source container framework maintained by Docker Inc. The issue involves the firewalld integration: when firewalld is reloaded, Docker fails to recreate the iptables rules that isolate bridge networks from one another. As a result, any container on the host can reach every port on containers attached to other bridge networks, defeating the network segmentation that multi-tenant environments depend on. Only containers on internal networks keep their protection. Users should apply the recommended workarounds, such as reloading firewalld and then restarting the Docker daemon, or running Docker in rootless mode. A fix is anticipated in Moby version 25.0.13.
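As an added defender-side check (not taken from the advisory or the Moby project), the script below inspects an `iptables -S` dump for Docker's inter-bridge isolation chains, DOCKER-ISOLATION-STAGE-1 and DOCKER-ISOLATION-STAGE-2, so that a firewalld reload hook or a monitoring job can detect the missing-rules state this advisory describes. The sample dumps are constructed, and the exact rule layout assumed here is that of a standard Docker bridge setup on a given host.

```shell
#!/usr/bin/env bash
# Added example, not from the advisory or Moby. Checks whether Docker's
# inter-bridge isolation rules are present in the filter table. The chain
# names are the ones Docker creates; the expected layout (a jump from
# STAGE-1 into STAGE-2 per bridge, and a DROP per bridge in STAGE-2) is an
# assumption based on a default bridge configuration.

# Reads an `iptables -S` dump on stdin. Returns 0 when at least one
# STAGE-1 -> STAGE-2 jump and at least one DROP in STAGE-2 are present,
# 1 otherwise (the state left behind after the reload described above).
isolation_rules_present() {
  dump=$(cat)
  stage1=$(printf '%s\n' "$dump" \
    | grep -c -- '^-A DOCKER-ISOLATION-STAGE-1 .*-j DOCKER-ISOLATION-STAGE-2$' || true)
  stage2=$(printf '%s\n' "$dump" \
    | grep -c -- '^-A DOCKER-ISOLATION-STAGE-2 .*-j DROP$' || true)
  [ "$stage1" -gt 0 ] && [ "$stage2" -gt 0 ]
}

# Live check for a real host (requires root). Exits 2 when isolation is
# gone so it can be wired into a firewalld reload hook or a cron job; the
# remediation is the advisory's workaround: restart the Docker daemon.
check_live_host() {
  if iptables -S 2>/dev/null | isolation_rules_present; then
    echo "docker bridge isolation rules present"
    return 0
  fi
  echo "WARNING: docker bridge isolation rules missing; restart dockerd" >&2
  return 2
}

# Constructed sample: a healthy host with two bridges (docker0, br-1a2b3c).
HEALTHY_DUMP='-P FORWARD DROP
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-1a2b3c ! -o br-1a2b3c -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-1a2b3c -j DROP'

# Constructed sample representing the post-reload state: the isolation
# rules were not recreated. Real output on an affected host will vary.
AFTER_RELOAD_DUMP='-P FORWARD DROP
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-A FORWARD -j DOCKER-ISOLATION-STAGE-1'
```

Run `check_live_host` from a firewalld reload hook or a periodic job; a non-zero exit means the isolation rules are gone and dockerd should be restarted.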