CVE Tools
Sign in

CVE-2025-54388

Moby's Firewalld reload makes published container ports accessible from remote hosts

Published: Jul 30, 2025Updated: Sep 8, 2025 Sources: CVE List NVD GHSA BDUCWE-909
NVD MITRE
4.6CVSSMEDIUM
EPSS Score
0.2%
Top 90.1%
CISA KEV
Not in KEV
Exploits
No Known Exploits
Remediation
Patch Available

Description

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. In versions 28.2.0 through 28.3.2, when the firewalld service is reloaded it removes all iptables rules including those created by Docker. While Docker should automatically recreate these rules, versions before 28.3.3 fail to recreate the specific rules that block external access to containers. This means that after a firewalld reload, containers with ports published to localhost (like 127.0.0.1:8080) become accessible from remote machines that have network routing to the Docker bridge, even though they should only be accessible from the host itself. The vulnerability only affects explicitly published ports - unpublished ports remain protected. This issue is fixed in version 28.3.3.

CVSS Vector Breakdown

AV:AAC:LPR:NUI:RS:UC:LI:LA:N
Exploitability
AV:AAttack Vector
Adjacent
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:RUser Interaction
Required
Scope
S:UScope
Unchanged
Impact
C:LConfidentiality
Low
I:LIntegrity
Low
A:NAvailability
None
Open in CVSS calculator →

Weaknesses

CWE-909

Affected Products

mobymoby
On-prem
Cloud & SaaS / container-orchestration
MobyMoby Project
Mixed
Cloud & SaaS / container-orchestration
github.com/docker/dockerGoOSS Libraries
mobymobyproject
On-prem
Cloud & SaaS / container-orchestration
mobyoss-projectCloud & SaaSaka docker moby
moby projectoss-projectCloud & SaaSaka moby
gopackage-ecosystemOSS Libraries
mobyprojectoss-projectCloud & SaaSaka docker moby

Exploitability

Official Patch Available

References

https://github.com/moby/moby/security/advisories/GHSA-x4rx-4gw3-53p4
github.com
https://github.com/moby/moby/pull/50506
github.com
https://github.com/moby/moby/commit/bea959c7b793b32a893820b97c4eadc7c87fabb0
github.com
and 2 more references View all →

Timeline

Published
Jul 30, 2025
Last Updated
Sep 8, 2025

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2025-54388 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows