Path Traversal Vulnerability in Canonical LXD 5.0 LTS
CVE-2025-54293

7.1 HIGH

Key Information:

Vendor

Canonical

Status
Vendor
CVE Published: 2 October 2025

What is CVE-2025-54293?

A path traversal vulnerability in the log file retrieval function of Canonical LXD 5.0 LTS can be exploited by authenticated remote attackers who craft malicious log file names or symbolic links. Successful exploitation can potentially give the attacker access to arbitrary files on the host system, compromising its security. Users should apply the necessary updates and harden their configurations against such exploitation attempts.

Affected Version(s)

LXD 6.0 < 6.5

LXD 5.21 < 5.21.4

CVSS V4

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

GMO Flatt Security Inc.