CVE-2025-54410: Moby firewalld reload removes bridge network isolation

July 29, 2025 (updated December 20, 2025)

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (dockerd), which is developed as moby/moby is commonly referred to as Docker, or Docker Engine.

Firewalld is a daemon used by some Linux distributions to provide a dynamically managed firewall. When Firewalld is running, Docker uses its iptables backend to create rules, including rules to isolate containers in one bridge network from containers in other bridge networks.

References

firewalld.org/documentation/howto/reload-firewalld.html
github.com/advisories/GHSA-4vq8-7jfc-9cvp
github.com/moby/moby
github.com/moby/moby/pull/49443
github.com/moby/moby/pull/49728
github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp
nvd.nist.gov/vuln/detail/CVE-2025-54410

Code Behaviors & Features

Detect and mitigate CVE-2025-54410 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →