CNNVD-202506-3170 Information

CNNVD ID

CNNVD-202506-3170

Related CVE

CVE-2025-52890

• CNNVD Published: 2025-06-25

Description (Chinese)

Incus是LXC开源的一个系统容器和虚拟机管理器。 Incus 6.12版本和6.13版本存在安全漏洞，该漏洞源于nftables规则部分绕过安全选项，可能导致ARP欺骗。

Description (English)

Incus is a system container and virtual machine manager at the LXC open source. Incus 6.12 and 6.13 have a security loophole, which stems from the partial circumvention of security options in the nonftables rules, which could lead to ARP fraud.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

LXC

Published

2025-06-25

Last Modified

2026-02-24

References

https://github.com/lxc/incus/security/advisories/GHSA-p7fw-vjjm-2rwp https://github.com/lxc/incus/commit/254dfd2483ab8de39b47c2258b7f1cf0759231c8 https://access.redhat.com/security/cve/cve-2025-52890 https://nvd.nist.gov/vuln/detail/CVE-2025-52890

Patch

https://github.com/lxc/incus/releases