CVE-2025-52890 Information

Jun 26, 2025 cve

Description

Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge Incus versions 6.12 and 6.13generates nftables rules that partially bypass security options security.mac_filtering security.ipv4_filtering and security.ipv6_filtering. This can lead to ARP spoofing on the bridge and to fully spoof another VM/container on the same bridge. Commit 254dfd2483ab8de39b47c2258b7f1cf0759231c8 contains a patch for the issue.

Reference

https://github.com/lxc/incus/commit/254dfd2483ab8de39b47c2258b7f1cf0759231c8 https://github.com/lxc/incus/security/advisories/GHSA-p7fw-vjjm-2rwp https://github.com/lxc/incus/security/advisories/GHSA-p7fw-vjjm-2rwp

CNNVD-202506-3170 (Published: 2025-06-25)

Share on:

CVE-2025-52890 Information

Description

Reference

Related CNNVD