Hello,
We detected a major vulnerability in the 25R1SU05 deliverd code by IFS
Is anyone facing the same security issue ?
ifscloud.jfrog.io/docker/sig-storage/smbplugin@7d4525de
This VM has high privileges in the environment. It is also running a container that was executed as privileged and is using an image with a critical/high severity initial access vulnerability. High permissions allow access to data or the ability to delete resources and disrupt workflows.
Privileged containers are essentially containers that were assigned all the possible capabilities, and some capabilities when assigned to containers can allow container escaping. Therefore, an attacker that compromises the container is able to escape to the host and abuse the high permissions, potentially performing highly privileged operations in the environment.
ifscloud.jfrog.io/docker/sig-storage/smbplugin@7d4525de
JFrog Artifactory Container Image
CVE-2025-10230The package libwbclient0 version 2:4.17.12+dfsg-0+deb12u1 was detected in APT package manager on a container image running Debian 12.9 is vulnerable to CVE-2025-10230, which exists in versions < 2:4.17.12+dfsg-0+deb12u3.
The vulnerability was found in the Official Debian Security Advisories with vendor severity: Critical (awaiting NVD analysis, CNA severity: Critical).
This vulnerability has a known exploit available. Source: VulnCheck.
The vulnerability can be remediated by updating the package to version 2:4.17.12+dfsg-0+deb12u3 or higher, by adding the following command to the Dockerfile: RUN apt upgrade libwbclient0.