CVE-2025-54388

CWE-909
8 documents
6 sources
Severity
5.1 MEDIUM
EPSS
0.0%
top 99.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 30
Latest update: Aug 11

Description

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. In versions 28.2.0 through 28.3.2, when the firewalld service is reloaded it removes all iptables rules including those created by Docker. While Docker should automatically recreate these rules, versions before 28.3.3 fail to recreate the specific rules that block external access to containers. This means that after

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Affected Packages (3 packages)

Go | github.com/docker/docker | 28.2.0+incompatible | 28.3.3+incompatible | +1
NVD | mobyproject/moby | 28.2.0 | 28.3.3
CVEListV5 | moby/moby | >= 28.2.0, < 28.3.3

Patches

🔴 Vulnerability Details (5)

OSV
Moby firewalld reload makes published container ports accessible from remote hosts in github.com/docker/docker (2025-08-11)
OSV
CVE-2025-54388: Moby is an open source container framework developed by Docker Inc (2025-07-30)
CVEList
Moby's Firewalld reload makes published container ports accessible from remote hosts (2025-07-30)
OSV
Moby firewalld reload makes published container ports accessible from remote hosts (2025-07-29)
GHSA
Moby firewalld reload makes published container ports accessible from remote hosts (2025-07-29)

📋 Vendor Advisories (2)

Red Hat
github.com/moby/moby: Moby's Firewalld reload makes container ports accessible (2025-07-30)
Debian
CVE-2025-54388: docker.io - Moby is an open source container framework developed by Docker Inc. that is dist... (2025)