Path Traversal Vulnerability in Canonical LXD 5.0 LTS
CVE-2025-54293
7.1 HIGH
What is CVE-2025-54293?
A path traversal vulnerability in the log file retrieval function of Canonical LXD 5.0 LTS allows authenticated remote attackers to craft malicious log file names or symbolic links, which can potentially give them access to arbitrary files on the host system and compromise its security. Users should apply the necessary updates and harden their configurations against such exploitation attempts.
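A defensive sketch of the two checks this class of bug calls for, covering both the crafted-name and the symbolic-link vectors described above. It is an added example and not LXD's own code or its actual fix; the helper name readLogFile, the error value and the sample file names are hypothetical, and it assumes a Linux host where the log directory itself is server-controlled.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
	"syscall"
)

var errBadLogName = errors.New("invalid log file name")

// readLogFile (hypothetical helper, not LXD source) returns the contents of a
// regular file located directly in logDir. logDir is assumed to be a trusted,
// server-controlled path; name is untrusted input from the API client.
func readLogFile(logDir, name string) ([]byte, error) {
	// Crafted names: accept a single path element only.
	if name == "" || name == "." || name == ".." || strings.ContainsAny(name, "/\\\x00") {
		return nil, errBadLogName
	}
	// Planted symlinks: O_NOFOLLOW makes open(2) fail on a symlinked final component.
	f, err := os.OpenFile(filepath.Join(logDir, name), os.O_RDONLY|syscall.O_NOFOLLOW, 0)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	// Inspect the descriptor that was actually opened, not the path.
	info, err := f.Stat()
	if err != nil {
		return nil, err
	}
	if !info.Mode().IsRegular() {
		return nil, errBadLogName
	}
	return io.ReadAll(f)
}

func main() {
	dir, _ := os.MkdirTemp("", "logs") // constructed sample directory
	defer os.RemoveAll(dir)
	os.WriteFile(filepath.Join(dir, "lxc.log"), []byte("started\n"), 0o600)
	os.Symlink("/etc/hostname", filepath.Join(dir, "link.log"))
	for _, n := range []string{"lxc.log", "../lxc.log", "link.log"} {
		data, err := readLogFile(dir, n)
		fmt.Printf("%-12q data=%q err=%v\n", n, data, err)
	}
}
```

Opening with O_NOFOLLOW and then checking the open descriptor avoids the race that a separate check-then-open sequence on the path would leave.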
Affected Version(s)
LXD 6.0 < 6.5
LXD 5.21 < 5.21.4
CVSS V4
Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
GMO Flatt Security Inc.
