CVE-2025-54292

Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths.

CVSS v3 4.6 MEDIUM

4.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.1 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/canonical/lxd/security/advisories/GHSA-7425-4qpj-v4w3	Vendor Advisory Exploit
https://github.com/canonical/lxd/security/advisories/GHSA-7425-4qpj-v4w3	Vendor Advisory Exploit

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:canonical:lxd::::::::
	cpe:2.3:a:canonical:lxd::::::::

History

10 Dec 2025, 19:29

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.6
CPE		cpe:2.3:a:canonical:lxd::::::::
References	~~() https://github.com/canonical/lxd/security/advisories/GHSA-7425-4qpj-v4w3 -~~	() https://github.com/canonical/lxd/security/advisories/GHSA-7425-4qpj-v4w3 - Vendor Advisory, Exploit
First Time		Canonical Canonical lxd

02 Oct 2025, 16:15

Type	Values Removed	Values Added
References	~~() https://github.com/canonical/lxd/security/advisories/GHSA-7425-4qpj-v4w3 -~~	() https://github.com/canonical/lxd/security/advisories/GHSA-7425-4qpj-v4w3 -

02 Oct 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-10-02 10:15

Updated : 2025-12-10 19:29

NVD link : CVE-2025-54292

Mitre link : CVE-2025-54292

CVE.ORG link : CVE-2025-54292

JSON object : View

Products Affected

canonical

lxd

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2025-54292", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.1}], "cvssMetricV40": [{"type": "Secondary", "source": "security@ubuntu.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-10-02T10:15:39.567", "references": [{"url": "https://github.com/canonical/lxd/security/advisories/GHSA-7425-4qpj-v4w3", "tags": ["Vendor Advisory", "Exploit"], "source": "security@ubuntu.com"}, {"url": "https://github.com/canonical/lxd/security/advisories/GHSA-7425-4qpj-v4w3", "tags": ["Vendor Advisory", "Exploit"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@ubuntu.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths."}], "lastModified": "2025-12-10T19:29:48.667", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:canonical:lxd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "384194F1-A594-4215-88F5-65388022F8C7", "versionEndExcluding": "5.21.4", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:a:canonical:lxd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14733993-3FD6-4F2E-8379-670FC1E562E4", "versionEndExcluding": "6.5", "versionStartIncluding": "6.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@ubuntu.com"}