{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T03:08:37.345","vulnerabilities":[{"cve":{"id":"CVE-2025-52890","sourceIdentifier":"security-advisories@github.com","published":"2025-06-25T17:15:39.370","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus versions 6.12 and 6.13generates nftables rules that partially bypass security options `security.mac_filtering`, `security.ipv4_filtering` and `security.ipv6_filtering`. This can lead to ARP spoofing on the bridge and to fully spoof another VM/container on the same bridge. Commit 254dfd2483ab8de39b47c2258b7f1cf0759231c8 contains a patch for the issue."},{"lang":"es","value":"Incus es un administrador de contenedores de sistema y máquinas virtuales. Al usar una ACL en un dispositivo conectado a un puente, las versiones 6.12 y 6.13 de Incus generan reglas de nftables que omiten parcialmente las opciones de seguridad `security.mac_filtering`, `security.ipv4_filtering` y `security.ipv6_filtering`. Esto puede provocar suplantación de ARP en el puente y suplantación completa de otra máquina virtual/contenedor en el mismo puente. El commit 254dfd2483ab8de39b47c2258b7f1cf0759231c8 contiene un parche para este problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.7,"impactScore":5.8}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/lxc/incus/commit/254dfd2483ab8de39b47c2258b7f1cf0759231c8","source":"security-advisories@github.com"},{"url":"https://github.com/lxc/incus/security/advisories/GHSA-p7fw-vjjm-2rwp","source":"security-advisories@github.com"},{"url":"https://github.com/lxc/incus/security/advisories/GHSA-p7fw-vjjm-2rwp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}]}