{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2025-54410","title":"Title"},{"category":"description","text":"Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails to re-create iptables rules that isolate bridge networks, allowing any container to access all ports on any other container across different bridge networks on the same host. This breaks network segmentation between containers that should be isolated, creating significant risk in multi-tenant environments. Only containers in --internal networks remain protected.\nWorkarounds include reloading firewalld and either restarting the docker daemon, re-creating bridge networks, or using rootless mode. Maintainers anticipate a fix for this issue in version 25.0.13.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2025-54410","url":"https://www.suse.com/security/cve/CVE-2025-54410"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1247392 for CVE-2025-54410","url":"https://bugzilla.suse.com/1247392"},{"category":"external","summary":"Advisory link for SUSE-SU-2025:02912-1","url":"https://lists.suse.com/pipermail/sle-updates/2025-August/041294.html"}],"title":"SUSE CVE CVE-2025-54410","tracking":{"current_release_date":"2026-03-13T14:07:12Z","generator":{"date":"2025-07-30T23:21:57Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2025-54410","initial_release_date":"2025-07-30T23:21:57Z","revision_history":[{"date":"2025-07-30T23:21:57Z","number":"2","summary":"Current version"},{"date":"2025-08-01T23:22:42Z","number":"3","summary":"Current version"},{"date":"2025-08-04T23:22:07Z","number":"4","summary":"Current version"},{"date":"2025-08-14T02:53:40Z","number":"5","summary":"Current version"},{"date":"2025-08-19T23:22:07Z","number":"6","summary":"Current version"},{"date":"2025-11-02T03:52:13Z","number":"7","summary":"Current version"},{"date":"2025-12-14T00:23:56Z","number":"8","summary":"unknown changes"},{"date":"2025-12-25T00:28:26Z","number":"9","summary":"unknown changes"},{"date":"2026-01-02T00:31:07Z","number":"10","summary":"unknown changes"},{"date":"2026-01-13T00:31:17Z","number":"11","summary":"unknown changes"},{"date":"2026-03-11T16:54:48Z","number":"12","summary":"unknown changes"},{"date":"2026-03-13T14:07:12Z","number":"13","summary":"unknown changes"}],"status":"interim","version":"13"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SLES-LTSS-TERADATA 15 SP2","product":{"name":"SLES-LTSS-TERADATA 15 SP2","product_id":"SLES-LTSS-TERADATA 15 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss-teradata:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Module for Package Hub 15 SP6","product":{"name":"SUSE Linux Enterprise Module for Package Hub 15 SP6","product_id":"SUSE Linux Enterprise Module for Package Hub 15 SP6","product_identification_helper":{"cpe":"cpe:/o:suse:packagehub:15:sp6"}}},{"category":"product_name","name":"SUSE Linux Enterprise Module for Package Hub 15 SP7","product":{"name":"SUSE Linux Enterprise Module for Package Hub 15 SP7","product_id":"SUSE Linux Enterprise Module for Package Hub 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:packagehub:15:sp7"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP1-LTSS","product":{"name":"SUSE Linux Enterprise Server 15 SP1-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP1-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:15:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP2-LTSS","product":{"name":"SUSE Linux Enterprise Server 15 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP2-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP3-LTSS","product":{"name":"SUSE Linux Enterprise Server 15 SP3-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP3-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:15:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 16.0","product":{"name":"SUSE Linux Enterprise Server 16.0","product_id":"SUSE Linux Enterprise Server 16.0","product_identification_helper":{"cpe":"cpe:/o:suse:sles:16:16.0:server"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP3","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp3"}}},{"category":"product_name","name":"SUSE Manager Client Tools for SLE 12","product":{"name":"SUSE Manager Client Tools for SLE 12","product_id":"SUSE Manager Client Tools for SLE 12","product_identification_helper":{"cpe":"cpe:/o:suse:sle-manager-tools:12"}}},{"category":"product_name","name":"SUSE Manager Client Tools for SLE 15","product":{"name":"SUSE Manager Client Tools for SLE 15","product_id":"SUSE Manager Client Tools for SLE 15","product_identification_helper":{"cpe":"cpe:/o:suse:sle-manager-tools:15"}}},{"category":"product_name","name":"SUSE Multi-Linux Manager Client Tools for SLE 12","product":{"name":"SUSE Multi-Linux Manager Client Tools for SLE 12","product_id":"SUSE Multi-Linux Manager Client Tools for SLE 12","product_identification_helper":{"cpe":"cpe:/o:suse:multi-linux-managertools-sle:12"}}},{"category":"product_name","name":"SUSE Multi-Linux Manager Client Tools for SLE 15","product":{"name":"SUSE Multi-Linux Manager Client Tools for SLE 15","product_id":"SUSE Multi-Linux Manager Client Tools for SLE 15","product_identification_helper":{"cpe":"cpe:/o:suse:multi-linux-managertools-sle:15"}}},{"category":"product_name","name":"openSUSE Leap 15.6","product":{"name":"openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.6"}}},{"category":"product_name","name":"openSUSE Tumbleweed","product":{"name":"openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed","product_identification_helper":{"cpe":"cpe:/o:opensuse:tumbleweed"}}},{"category":"product_version","name":"cf-cli","product":{"name":"cf-cli","product_id":"cf-cli","product_identification_helper":{"cpe":"cpe:2.3:a:pivotal:cloud_foundry_command_line_interface:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/cf-cli@?upstream=cf-cli.src.rpm"}}},{"category":"product_version","name":"govulncheck-vulndb-0.0.20250811T192933-1.1","product":{"name":"govulncheck-vulndb-0.0.20250811T192933-1.1","product_id":"govulncheck-vulndb-0.0.20250811T192933-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/govulncheck-vulndb@0.0.20250811T192933-1.1?upstream=govulncheck-vulndb-0.0.20250811T192933-1.1.src.rpm"}}},{"category":"product_version","name":"govulncheck-vulndb-0.0.20250814T182633-160000.1.2","product":{"name":"govulncheck-vulndb-0.0.20250814T182633-160000.1.2","product_id":"govulncheck-vulndb-0.0.20250814T182633-160000.1.2","product_identification_helper":{"purl":"pkg:rpm/suse/govulncheck-vulndb@0.0.20250814T182633-160000.1.2?upstream=govulncheck-vulndb-0.0.20250814T182633-160000.1.2.src.rpm"}}},{"category":"product_version","name":"grafana","product":{"name":"grafana","product_id":"grafana","product_identification_helper":{"cpe":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/grafana@?upstream=grafana.src.rpm"}}},{"category":"product_version","name":"singularity","product":{"name":"singularity","product_id":"singularity","product_identification_helper":{"cpe":"cpe:2.3:a:sylabs:singularity:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/singularity@?upstream=singularity.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"govulncheck-vulndb-0.0.20250814T182633-160000.1.2 as component of SUSE Linux Enterprise Server 16.0","product_id":"SUSE Linux Enterprise Server 16.0:govulncheck-vulndb-0.0.20250814T182633-160000.1.2"},"product_reference":"govulncheck-vulndb-0.0.20250814T182633-160000.1.2","relates_to_product_reference":"SUSE Linux Enterprise Server 16.0"},{"category":"default_component_of","full_product_name":{"name":"govulncheck-vulndb-0.0.20250811T192933-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1"},"product_reference":"govulncheck-vulndb-0.0.20250811T192933-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"cf-cli as component of SLES-LTSS-TERADATA 15 SP2","product_id":"SLES-LTSS-TERADATA 15 SP2:cf-cli"},"product_reference":"cf-cli","relates_to_product_reference":"SLES-LTSS-TERADATA 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"grafana as component of SUSE Linux Enterprise Module for Package Hub 15 SP6","product_id":"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana"},"product_reference":"grafana","relates_to_product_reference":"SUSE Linux Enterprise Module for Package Hub 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"singularity as component of SUSE Linux Enterprise Module for Package Hub 15 SP6","product_id":"SUSE Linux Enterprise Module for Package Hub 15 SP6:singularity"},"product_reference":"singularity","relates_to_product_reference":"SUSE Linux Enterprise Module for Package Hub 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"grafana as component of SUSE Linux Enterprise Module for Package Hub 15 SP7","product_id":"SUSE Linux Enterprise Module for Package Hub 15 SP7:grafana"},"product_reference":"grafana","relates_to_product_reference":"SUSE Linux Enterprise Module for Package Hub 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"cf-cli as component of SUSE Linux Enterprise Server 15 SP1-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP1-LTSS:cf-cli"},"product_reference":"cf-cli","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP1-LTSS"},{"category":"default_component_of","full_product_name":{"name":"cf-cli as component of SUSE Linux Enterprise Server 15 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP2-LTSS:cf-cli"},"product_reference":"cf-cli","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"cf-cli as component of SUSE Linux Enterprise Server 15 SP3-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP3-LTSS:cf-cli"},"product_reference":"cf-cli","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP3-LTSS"},{"category":"default_component_of","full_product_name":{"name":"cf-cli as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP3:cf-cli"},"product_reference":"cf-cli","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"grafana as component of SUSE Manager Client Tools for SLE 12","product_id":"SUSE Manager Client Tools for SLE 12:grafana"},"product_reference":"grafana","relates_to_product_reference":"SUSE Manager Client Tools for SLE 12"},{"category":"default_component_of","full_product_name":{"name":"grafana as component of SUSE Manager Client Tools for SLE 15","product_id":"SUSE Manager Client Tools for SLE 15:grafana"},"product_reference":"grafana","relates_to_product_reference":"SUSE Manager Client Tools for SLE 15"},{"category":"default_component_of","full_product_name":{"name":"grafana as component of SUSE Multi-Linux Manager Client Tools for SLE 12","product_id":"SUSE Multi-Linux Manager Client Tools for SLE 12:grafana"},"product_reference":"grafana","relates_to_product_reference":"SUSE Multi-Linux Manager Client Tools for SLE 12"},{"category":"default_component_of","full_product_name":{"name":"grafana as component of SUSE Multi-Linux Manager Client Tools for SLE 15","product_id":"SUSE Multi-Linux Manager Client Tools for SLE 15:grafana"},"product_reference":"grafana","relates_to_product_reference":"SUSE Multi-Linux Manager Client Tools for SLE 15"},{"category":"default_component_of","full_product_name":{"name":"grafana as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:grafana"},"product_reference":"grafana","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"singularity as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:singularity"},"product_reference":"singularity","relates_to_product_reference":"openSUSE Leap 15.6"}]},"vulnerabilities":[{"cve":"CVE-2025-54410","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2025-54410"}],"notes":[{"category":"general","text":"Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails to re-create iptables rules that isolate bridge networks, allowing any container to access all ports on any other container across different bridge networks on the same host. This breaks network segmentation between containers that should be isolated, creating significant risk in multi-tenant environments. Only containers in --internal networks remain protected.\nWorkarounds include reloading firewalld and either restarting the docker daemon, re-creating bridge networks, or using rootless mode. Maintainers anticipate a fix for this issue in version 25.0.13.","title":"CVE description"}],"product_status":{"known_affected":["SLES-LTSS-TERADATA 15 SP2:cf-cli","SUSE Linux Enterprise Module for Package Hub 15 SP6:singularity","SUSE Linux Enterprise Server 15 SP1-LTSS:cf-cli","SUSE Linux Enterprise Server 15 SP2-LTSS:cf-cli","SUSE Linux Enterprise Server 15 SP3-LTSS:cf-cli","SUSE Linux Enterprise Server for SAP Applications 15 SP3:cf-cli","openSUSE Leap 15.6:singularity"],"known_not_affected":["SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana","SUSE Linux Enterprise Module for Package Hub 15 SP7:grafana","SUSE Manager Client Tools for SLE 12:grafana","SUSE Manager Client Tools for SLE 15:grafana","SUSE Multi-Linux Manager Client Tools for SLE 12:grafana","SUSE Multi-Linux Manager Client Tools for SLE 15:grafana","openSUSE Leap 15.6:grafana"],"recommended":["SUSE Linux Enterprise Server 16.0:govulncheck-vulndb-0.0.20250814T182633-160000.1.2","openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1"]},"references":[{"category":"external","summary":"CVE-2025-54410","url":"https://www.suse.com/security/cve/CVE-2025-54410"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1247392 for CVE-2025-54410","url":"https://bugzilla.suse.com/1247392"},{"category":"external","summary":"Advisory link for SUSE-SU-2025:02912-1","url":"https://lists.suse.com/pipermail/sle-updates/2025-August/041294.html"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 16.0:govulncheck-vulndb-0.0.20250814T182633-160000.1.2","openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1"]}],"scores":[{"cvss_v3":{"baseScore":3.9,"baseSeverity":"LOW","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","version":"3.1"},"products":["SUSE Linux Enterprise Server 16.0:govulncheck-vulndb-0.0.20250814T182633-160000.1.2","openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1"]}],"threats":[{"category":"impact","date":"2025-07-30T14:00:08Z","details":"moderate"}],"title":"CVE-2025-54410"}]}