Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-54388

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. In versions 28.2.0 through 28.3.2, when the firewalld service is reloaded it removes all iptables rules including those created by Docker. While Docker should automatically recreate these rules, versions before 28.3.3 fail to recreate the specific rules that block external access to containers. This means that after a firewalld reload, containers with ports published to localhost (like 127.0.0.1:8080) become accessible from remote machines that have network routing to the Docker bridge, even though they should only be accessible from the host itself. The vulnerability only affects explicitly published ports - unpublished ports remain protected. This issue is fixed in version 28.3.3.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 4.6, indicating it requires adjacent network access with relatively low complexity though user interaction is required and does not require pre-existing privileges . The vulnerability impacts limited data confidentiality, limited integrity, for affected systems. Impacting 1 product from mobyproject organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2025, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2025-07-30T14:15:28.693

Last Modified

2025-09-08T16:34:31.630

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.6 (MEDIUM)

Weaknesses

Type: Secondary
CWE-909

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mobyproject	moby	< 28.3.3	Yes

References

https://github.com/moby/moby/commit/bea959c7b793b32a893820b97c4eadc7c87fabb0 Patch ([email protected])
https://github.com/moby/moby/pull/50506 Issue Tracking, Patch ([email protected])
https://github.com/moby/moby/security/advisories/GHSA-x4rx-4gw3-53p4 Vendor Advisory ([email protected])

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For mobyproject's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.