What is CVE-2025-54388?

CVE-2025-54388 is a vulnerability in Moby, classified under CWE-909. Published 2025-07-30.

Is CVE-2025-54388 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Moby

CVE-2025-54388

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. In versions 28.2.0 through 28.3.2, when the firewalld ser…

EPSS: 0.000 (10.2th percentile) — read the EPSS interpretation.

Affected products

Moby — versions >= 28.2.0, < 28.3.3

Weakness classification (CWE)

CWE-909

Public proof-of-concept exploits

References

https://github.com/moby/moby/security/advisories/GHSA-x4rx-4gw3-53p4 (x_refsource_CONFIRM)
https://github.com/moby/moby/pull/50506 (x_refsource_MISC)
https://github.com/moby/moby/commit/bea959c7b793b32a893820b97c4eadc7c87fabb0 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-54388?: CVE-2025-54388 is a vulnerability in Moby, classified under CWE-909. Published 2025-07-30.
Is CVE-2025-54388 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.