The vulnerability CVE-2025-59054 affects dstack, an SDK designed to deploy containerized applications into trusted execution environments (TEEs). In versions before 0.5.4, the vulnerability allows a malicious host to supply a specially crafted LUKS2 encrypted data volume as the `/data` mount for a dstack Confidential Virtual Machine (CVM) guest. LUKS2 volumes are used to encrypt data, but their metadata is not authenticated and supports null key-encryption algorithms. This flaw enables an attacker to create a volume that opens without error regardless of the passphrase, records all guest writes in plaintext or ciphertext with a key known to the attacker, and preload arbitrary data. When the guest writes secret information such as Wireguard keys to this volume, the attacker gains access to these secrets, compromising confidentiality. Furthermore, preloading data can potentially alter guest execution, threatening integrity. The vulnerability requires the attacker to control the host environment but does not require guest authentication or user interaction, making it a local privilege escalation and data disclosure risk. The issue was addressed in dstack version 0.5.4 by patching the handling of LUKS headers to ensure metadata authentication and prevent null key-encryption misuse. No known exploits are reported in the wild as of publication. The CVSS 4.0 vector indicates local attack vector, low complexity, no privileges or user interaction needed, with high impact on confidentiality and integrity but no impact on availability.

For European organizations, this vulnerability poses a significant risk to the confidentiality and integrity of sensitive data processed within dstack-based TEEs. Organizations using dstack to deploy containerized applications that handle sensitive workloads—such as financial institutions, healthcare providers, and government agencies—may inadvertently expose cryptographic keys (e.g., Wireguard VPN keys) and other secrets to malicious insiders or compromised hosts. This could lead to unauthorized network access, data breaches, and potential lateral movement within internal networks. The ability to preload arbitrary data further raises the risk of guest environment compromise, potentially allowing attackers to execute malicious code or disrupt critical services. Given the increasing adoption of TEEs for secure application deployment in Europe, this vulnerability could undermine trust in these environments and lead to regulatory compliance issues, especially under GDPR where data protection is paramount. The local attack vector means that attackers must have some level of host access, which may be feasible in multi-tenant cloud or shared infrastructure scenarios common in European data centers.

European organizations should immediately upgrade all dstack deployments to version 0.5.4 or later, which includes the patch addressing LUKS header authentication and null key-encryption misuse. Until upgrades are applied, restrict host-level access to trusted administrators only and monitor for unusual volume mounts or LUKS2 volume usage patterns. Implement strict host integrity verification and runtime monitoring to detect unauthorized volume manipulations. Consider isolating dstack hosts in hardened environments with minimal attack surface and enforce strong host access controls and auditing. Additionally, review and rotate all cryptographic keys (e.g., Wireguard keys) that may have been exposed due to this vulnerability. For environments where upgrading is not immediately possible, avoid using LUKS2 encrypted volumes as `/data` mounts or use alternative secure storage mechanisms that enforce metadata authentication. Finally, incorporate this vulnerability into incident response plans and threat hunting activities to detect potential exploitation attempts.