CVE ID : CVE-2025-52890
Published : June 25, 2025, 5:15 p.m. | 16 hours, 25 minutes ago
Description : Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus versions 6.12 and 6.13generates nftables rules that partially bypass security options `security.mac_filtering`, `security.ipv4_filtering` and `security.ipv6_filtering`. This can lead to ARP spoofing on the bridge and to fully spoof another VM/container on the same bridge. Commit 254dfd2483ab8de39b47c2258b7f1cf0759231c8 contains a patch for the issue.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Published : June 25, 2025, 5:15 p.m. | 16 hours, 25 minutes ago
Description : Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus versions 6.12 and 6.13generates nftables rules that partially bypass security options `security.mac_filtering`, `security.ipv4_filtering` and `security.ipv6_filtering`. This can lead to ARP spoofing on the bridge and to fully spoof another VM/container on the same bridge. Commit 254dfd2483ab8de39b47c2258b7f1cf0759231c8 contains a patch for the issue.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…