Executive Summary

Informations
Name CVE-2025-52890 First vendor Publication 2025-06-25
Vendor Cve Last vendor Modification 2025-06-25

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus versions 6.12 and 6.13generates nftables rules that partially bypass security options `security.mac_filtering`, `security.ipv4_filtering` and `security.ipv6_filtering`. This can lead to ARP spoofing on the bridge and to fully spoof another VM/container on the same bridge. Commit 254dfd2483ab8de39b47c2258b7f1cf0759231c8 contains a patch for the issue.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52890

Sources (Detail)

https://github.com/lxc/incus/commit/254dfd2483ab8de39b47c2258b7f1cf0759231c8
https://github.com/lxc/incus/security/advisories/GHSA-p7fw-vjjm-2rwp
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2025-06-26 00:20:34
  • Multiple Updates
2025-06-25 21:20:33
  • First insertion