PT-2025-40331 · Canonical+2 · Lxd+2

Published 2025-10-02 · Updated 2025-11-17

CVE-2025-54288

CVSS v3.1

6.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Canonical LXD versions 4.0 and above

Description

An information spoofing issue exists in the devLXD server component of Canonical LXD. Attackers with root privileges within a container can impersonate other containers and access their metadata, configuration, and device information. This is achieved by exploiting the process of container identification, specifically by spoofing process names in the command line. The issue resides in the findContainerForPID function within lxd/api_devlxd.go. The vulnerability allows access to information via the following API endpoints: '/1.0/meta-data', '/1.0/config', '/1.0/config/{key}', and '/1.0/devices'. The attack involves manipulating the cmdline information to bypass PID namespace checks. Successful exploitation can lead to the theft of metadata, configuration details, and device information from other containers, potentially enabling inter-project information leakage in environments with multiple projects. The vulnerable component relies on the [lxc monitor] process.

Recommendations

Update to LXD version 6.5 or 5.21.4 to address this vulnerability.

Exploit

Fix

Weakness Enumeration

Authentication Bypass by Spoofing

Related Identifiers

CVE-2025-54288
DSA-6027-1
DSA-6028-1
GHSA-7232-97C6-J525
GO-2025-4001
OPENSUSE-SU-2025:15710-1

Affected Products

Debian
Lxd
Red Os