- Description
- Incus is a system container and virtual machine manager. When an ACL is used on a device connected to a bridge, Incus versions 6.12 and 6.13 generate nftables rules for local services (DHCP, DNS...) that partially bypass the security options `security.mac_filtering`, `security.ipv4_filtering` and `security.ipv6_filtering`. This can lead to DHCP pool exhaustion and opens the door for other attacks. A patch is available at commit 2516fb19ad8428454cb4edfe70c0a5f0dc1da214.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 3.4
- Impact score
- 1.4
- Exploitability score
- 1.7
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
- Severity
- LOW
- security-advisories@github.com
- CWE-770
🚀 Breaking: #openSUSE Tumbleweed patches incus-6.14-1.1 vulnerabilities (CVE-2025-52889/90). Container security just got stronger! Update now: sudo zypper update incus* Read more:👉https://t.co/zFyM3ilb0D #Linux #CyberSecurity https://t.co/okXtMJHVFe
@Cezar_H_Linux
8 Jul 2025
CVE-2025-52889 Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus version 6.12 and 6.13 generates nftables rules for… https://t.co/011AYr1w0J
@CVEnew
25 Jun 2025