Information Spoofing Vulnerability in Canonical LXD Server
CVE-2025-54288
5.1 MEDIUM
What is CVE-2025-54288?
An information spoofing vulnerability exists in the devLXD server of Canonical's LXD on Linux container platforms. An attacker with root privileges in any container can masquerade as another container and, by using spoofed process names in the command line, gain unauthorized access to that container's metadata, configuration details, and device information. Prompt attention is crucial to mitigate potential exploitation.
Affected Version(s)
LXD 6.0 < 6.5
LXD 5.21 < 5.21.4
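
To triage a fleet against the ranges listed above, the following added example (not code from this page or from Canonical) classifies LXD version strings. The host names and version strings are constructed, and the assumption is that each string has the shape printed by `lxd --version`, such as `5.21.3 LTS`.

```python
import re

# Affected ranges exactly as listed on this page:
# (first affected version, first version outside the range).
AFFECTED_RANGES = [
    ((6, 0), (6, 5)),       # LXD 6.0 < 6.5
    ((5, 21), (5, 21, 4)),  # LXD 5.21 < 5.21.4
]


def parse_version(text):
    """Extract the numeric version tuple from a string such as '5.21.3 LTS'."""
    match = re.search(r"\d+(?:\.\d+)+", text)
    if match is None:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in match.group(0).split("."))


def pad(version, width=3):
    """Pad with zeros so that (6, 5) compares as (6, 5, 0)."""
    return version + (0,) * (width - len(version))


def classify(text):
    """Return 'affected', 'not-listed' or 'unknown' for one version string."""
    try:
        version = pad(parse_version(text))
    except ValueError:
        return "unknown"
    for low, high in AFFECTED_RANGES:
        if pad(low) <= version < pad(high):
            return "affected"
    # Outside the ranges on this page; this alone says nothing about other branches.
    return "not-listed"


def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed inventory for illustration (hypothetical host names).
SAMPLE_INVENTORY = {
    "lxd-a": "5.21.3 LTS",
    "lxd-b": "5.21.4 LTS",
    "lxd-c": "6.4",
    "lxd-d": "6.5",
    "lxd-e": "version unavailable",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual check, and `not-listed` only means the version falls outside the two ranges given on this page.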