CVE-2025-54286

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-54286

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-54286.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-54286

Aliases

Downstream

DEBIAN-CVE-2025-54286

DSA-6027-1

DSA-6028-1

UBUNTU-CVE-2025-54286

Related

GHSA-p8hw-rfjg-689h

Published

2025-10-02T10:15:38Z

Modified

2025-11-05T19:58:45.934038Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication.

References

https://github.com/canonical/lxd/security/advisories/GHSA-p8hw-rfjg-689h

Affected packages

Git / github.com/canonical/lxd

Affected ranges

Type: GIT
Repo: https://github.com/canonical/lxd
Events: Introduced

1e1349e3cbf30c1b2ce74e531d4dd0fd52c45be1

Fixed

4ef455e67d5ea672dc2602f41530b1683e1ab5f1

Affected versions

lxd-5.*

lxd-5.0.0

lxd-5.0.1

lxd-5.0.2

lxd-5.0.3

lxd-5.0.4