Privilege Escalation in Canonical LXD 6.5
CVE-2025-54289
7.4 HIGH
What is CVE-2025-54289?
A privilege escalation vulnerability exists in the operations API of Canonical LXD version 6.5 across multiple platforms. The flaw lets an attacker with read permissions hijack WebSocket connections, potentially taking control of terminal or console sessions. By executing arbitrary commands, the attacker may gain unauthorized access and expose information, compromising the security and integrity of the system.
Affected Version(s)
LXD 6 < 6.5
LXD 5.21 < 5.21.4