CVE-2025-52890
8.1
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H
Summary
Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus versions 6.12 and 6.13generates nftables rules that partially bypass security options security.mac_filtering, security.ipv4_filtering and security.ipv6_filtering. This can lead to ARP spoofing on the bridge and to fully spoof another VM/container on the same bridge. Commit 254dfd2483ab8de39b47c2258b7f1cf0759231c8 contains a patch for the issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| lxc | incus | >= 6.12, <= 6.13 | affected |
Weaknesses
- CWE-863: CWE-863: Incorrect Authorization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
Additional References
References
- https://github.com/lxc/incus/security/advisories/GHSA-p7fw-vjjm-2rwp
- https://github.com/lxc/incus/commit/254dfd2483ab8de39b47c2258b7f1cf0759231c8
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.