Arbitrary Data Exposure Vulnerability in Dstack Software Development Kit
CVE-2025-59054

8.5 HIGH

Key Information:

Vendor: Dstack-tee

Status
Vendor
CVE Published: 12 September 2025

What is CVE-2025-59054?

CVE-2025-59054 is a vulnerability in the Dstack Software Development Kit (SDK), which is designed to facilitate the deployment of containerized applications within trusted execution environments. The flaw exists in Dstack versions prior to 0.5.4, where a malicious actor can exploit the SDK by providing a manipulated LUKS2 data volume to the Dstack Cloud Virtual Machine (CVM). Such manipulation enables the attacker to write secret data using a key they control, thereby potentially exposing sensitive information, including WireGuard keys. By manipulating the LUKS2 volume metadata, the attacker can create a volume that opens without errors, regardless of the passphrase or token used. This could lead to unauthorized data access, compromise guest execution, and ultimately jeopardize the integrity and confidentiality of the applications running in affected environments.
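A defender-side check for the LUKS2 metadata described above, as an added example that is not dstack's own code or its fix: it reads the JSON area of a volume's primary LUKS2 header and reports anything outside an allowlist before the volume is unlocked. The allowlisted ciphers and KDFs, the function names and the sample images are assumptions made for this illustration.

```python
import json
import struct

LUKS2_MAGIC = b"LUKS\xba\xbe"
BIN_HDR_SIZE = 4096                    # binary header; the JSON area follows it
ALLOWED_CIPHERS = {"aes-xts-plain64"}  # assumed policy, not taken from dstack
ALLOWED_KDFS = {"argon2id", "argon2i", "pbkdf2"}  # assumed policy

def read_luks2_metadata(image: bytes) -> dict:
    """Return the JSON metadata from the primary LUKS2 header of an image."""
    if len(image) < BIN_HDR_SIZE or image[:6] != LUKS2_MAGIC:
        raise ValueError("not a LUKS header")
    # version (u16) and hdr_size (u64) are big-endian, right after the magic
    version, hdr_size = struct.unpack_from(">HQ", image, 6)
    if version != 2 or not BIN_HDR_SIZE < hdr_size <= len(image):
        raise ValueError("unsupported version or bad header size")
    return json.loads(image[BIN_HDR_SIZE:hdr_size].split(b"\x00", 1)[0])

def audit_luks2_metadata(meta: dict) -> list[str]:
    """List policy violations; an empty list means nothing was flagged."""
    findings = []
    for sid, seg in meta.get("segments", {}).items():
        enc = seg.get("encryption")
        if seg.get("type") != "crypt" or enc not in ALLOWED_CIPHERS:
            findings.append(f"segment {sid}: encryption {enc!r}")
    slots = meta.get("keyslots", {})
    if not slots:
        findings.append("no keyslots")
    for kid, slot in slots.items():
        enc = slot.get("area", {}).get("encryption")
        if enc not in ALLOWED_CIPHERS:
            findings.append(f"keyslot {kid}: area encryption {enc!r}")
        kdf = slot.get("kdf", {}).get("type")
        if kdf not in ALLOWED_KDFS:
            findings.append(f"keyslot {kid}: kdf {kdf!r}")
    if meta.get("tokens"):
        findings.append("unexpected tokens present")
    return findings

def build_image(meta: dict, hdr_size: int = 16384) -> bytes:
    """Constructed sample: minimal primary header (checksum zeroed) plus JSON."""
    hdr = (LUKS2_MAGIC + struct.pack(">HQ", 2, hdr_size)).ljust(BIN_HDR_SIZE, b"\x00")
    return hdr + json.dumps(meta).encode().ljust(hdr_size - BIN_HDR_SIZE, b"\x00")

def sample_meta(cipher: str) -> dict:
    """Constructed sample metadata with one keyslot and one segment."""
    slot = {"type": "luks2", "area": {"encryption": cipher}, "kdf": {"type": "argon2id"}}
    return {"keyslots": {"0": slot}, "tokens": {},
            "segments": {"0": {"type": "crypt", "encryption": cipher}}}
```

The check is only meaningful if the bytes audited are the same bytes that are later unlocked; the header checksum and the secondary header are not examined here.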

Potential impact of CVE-2025-59054

  1. Data Exposure: The primary impact of this vulnerability is the unauthorized access and exposure of sensitive data, including authentication keys and other critical information, which could lead to further exploitation and breaches within the organization.

  2. Compromised Execution Environments: By pre-loading malicious data or configurations into the execution environment, attackers may manipulate or disrupt the operations of hosted applications, leading to service interruptions or degraded performance.

  3. Increased Attack Surface: The ability to control LUKS2 data volumes widens the attack surface, making it easier for malicious actors to perform lateral movements within the network and target additional resources or systems, heightening the organization’s overall risk profile.

Affected Version(s)

dstack < 0.5.4

CVSS V4

Score: 8.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
