Privilege Escalation in Canonical LXD 6.5
CVE-2025-54289

7.4HIGH

Key Information:

Vendor: Canonical
Status: Lxd
Vendor: CVE Published:; 2 October 2025

What is CVE-2025-54289?

A privilege escalation vulnerability exists in the operations API of Canonical LXD version 6.5 across multiple platforms. This flaw enables an attacker with read permissions to exploit WebSocket connection hijacking, potentially taking control of terminal or console sessions. By executing arbitrary commands, the attacker may gain unauthorized access and information exposure, impacting the security integrity of the system.

Affected Version(s)

LXD 6 < 6.5

LXD 5.21 < 5.21.4

References

https://github.com/canonical/lxd/security/advisories/GHSA...

CVSS V4

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 2, 2025
Vulnerability Reserved
Jul 18, 2025

JSON