PT-2025-40333 · Canonical+2 · Lxd+2
Published: 2025-10-02 · Updated: 2025-11-17
CVE-2025-54290
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Canonical LXD versions prior to 6.5
Canonical LXD versions prior to 5.21.4
Description
An information disclosure issue exists in the image export API of Canonical LXD. A network attacker can determine project existence without authentication by sending crafted requests that utilize wildcard fingerprints. The issue affects systems running on Linux.
Recommendations
Update to Canonical LXD version 6.5 or later.
Update to Canonical LXD version 5.21.4 or later.
Fix
Information Disclosure
Affected Products
Debian
Lxd
Red Os