CVE-2025-54288

MEDIUM

Canonical Lxd < 5.21.4 - Authentication Bypass by Spoofing

Title source: rule
STIX 2.1

Description

Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the command line.

References (1)

Scores

CVSS v3 6.8
EPSS 0.0006
EPSS Percentile 19.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-290
Status published
Products (2)
canonical/lxd 4.0 - 5.21.4Go
canonical/lxd 4.0.0 - 5.21.4
Published Oct 02, 2025
Tracked Since Feb 18, 2026