CVE-2025-54290
MEDIUM
Canonical LXD < 5.21.4 - Information Disclosure
Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints.
Scores
CVSS v3: 5.3
EPSS: 0.0007
EPSS Percentile: 22.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Classification
CWE: CWE-200
Status: published
Affected Products (2)
canonical/lxd < 5.21.4
canonical/lxd < 5.21.4 (Go)
Timeline
Published: Oct 02, 2025
Tracked Since: Feb 18, 2026