CVE-2025-52890 Incus vulnerable to antispoofing nftables firewall rule bypass on bridge networks with ACLs

Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus versions 6.12 and 6.13generates nftables rules that partially bypass security options security.macfiltering, security.ipv4filtering and security.ipv6filtering. This can lead to ARP...

CVE-2025-52890

Incus CVE-2025-52890 affects the Incus system container/VM manager; versions 6.12 and 6.13 generate nftables rules when an ACL is used on a bridge-connected device, which partially bypasses security.mac_filtering, security.ipv4_filtering and security.ipv6_filtering. This can enable ARP spoofing o...

CVE-2025-52889

Incus (system container/VM manager) on versions 6.12–6.13 is vulnerable when an ACL on a bridge-connected device is used: nftables rules for local services can bypass security.mac_filtering, security.ipv4_filtering, and security.ipv6_filtering, enabling DHCP pool exhaustion and potential further ...

Check Point FireWall-1 Spoofed UDP Packet Remote DoS

The machine or a router on the way crashed when it was flooded by incorrect UDP packets. This attack was known to work against FireWall-1 3.0, 4.0 or 4.1 An attacker may use this flaw to shut down this server, thus preventing you from working properly. C Tenable Network Security, Inc...