Information Spoofing Vulnerability in Canonical LXD Server
CVE-2025-54288

5.1 MEDIUM

Key Information:

Vendor

Canonical

Status
Vendor
CVE Published: 2 October 2025

What is CVE-2025-54288?

An information spoofing vulnerability exists in the devLXD Server of Canonical's LXD for Linux container platforms. This issue allows attackers possessing root privileges in any container to masquerade as other containers. By exploiting this vulnerability, they can gain unauthorized access to critical metadata, configuration details, and device information by using deceptive process names in command line interfaces. Prompt attention is crucial to mitigate potential exploits.

Affected Version(s)

LXD 6.0 < 6.5

LXD 5.21 < 5.21.4

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
