CVE-2025-54293

MEDIUM

Canonical Lxd < 5.21.4 - Path Traversal

Title source: rule

Description

Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links.

References (1)

[Exploit, Vendor Advisory] https://github.com/canonical/lxd/security/advisories/GHSA-472f-vmf2-pr3h

Scores

CVSS v3 6.5

EPSS 0.0006

EPSS Percentile 18.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-22

Status published

Affected Products (2)

canonical/lxd < 5.21.4

canonical/lxd < 5.21.4Go

Timeline

Published Oct 02, 2025

Tracked Since Feb 18, 2026