CVE-2025-54288

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-54288

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-54288.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-54288

Aliases

Downstream

DEBIAN-CVE-2025-54288

DSA-6027-1

DSA-6028-1

UBUNTU-CVE-2025-54288

Related

GHSA-7232-97c6-j525

Published

2025-10-02T10:15:38Z

Modified

2025-11-05T19:58:59.820306Z

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the command line.

References

https://github.com/canonical/lxd/security/advisories/GHSA-7232-97c6-j525

Affected packages

Git / github.com/canonical/lxd

Affected ranges

Type: GIT
Repo: https://github.com/canonical/lxd
Events: Introduced

03aab09f5b5cbdada00c6539877dcf5932fcde98

Fixed

0494f5d47e41af69a8374568c0cb8b3eefd72a6a

Affected versions

lxd-4.*

lxd-4.0.0

lxd-4.1

lxd-4.10

lxd-4.11

lxd-4.12

lxd-4.13

lxd-4.14

lxd-4.15

lxd-4.16

lxd-4.17

lxd-4.18

lxd-4.19

lxd-4.2

lxd-4.20

lxd-4.21

lxd-4.22

lxd-4.23

lxd-4.24

lxd-4.3

lxd-4.4

lxd-4.5

lxd-4.6

lxd-4.7

lxd-4.8

lxd-4.9

lxd-5.*

lxd-5.0.0

lxd-5.1

lxd-5.10

lxd-5.11

lxd-5.12

lxd-5.13

lxd-5.14

lxd-5.15

lxd-5.16

lxd-5.17

lxd-5.18

lxd-5.19

lxd-5.2

lxd-5.20

lxd-5.21.0

lxd-5.21.1

lxd-5.21.2

lxd-5.21.3

lxd-5.3

lxd-5.4

lxd-5.5

lxd-5.6

lxd-5.7

lxd-5.8

lxd-5.9

v5.*

v5.21.0