Information Spoofing Vulnerability in Canonical LXD Server
CVE-2025-54288
5.1 MEDIUM
What is CVE-2025-54288?
An information spoofing vulnerability exists in the devLXD server of Canonical's LXD for Linux container platforms. An attacker with root privileges in any container can masquerade as another container by using deceptive process names in the command line, and so gain unauthorized access to critical metadata, configuration details, and device information. Prompt attention is crucial to mitigate potential exploits.
Affected Version(s)
LXD 6.0 < 6.5
LXD 5.21 < 5.21.4
CVSS V4
Score: 5.1
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
