PT-2025-40340 · Canonical+2 · Lxd+2

Published 2025-10-02 · Updated 2025-12-10 · CVE-2025-54293

CVSS v4.0: 7.1 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Canonical LXD version 5.0 LTS

Description

An issue in the log file retrieval function allows authenticated remote attackers to read arbitrary files on the host system through crafted log file names or symbolic links.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2025-54293
DSA-6027-1
DSA-6028-1
GHSA-472F-VMF2-PR3H
GO-2025-4000
OPENSUSE-SU-2025:15710-1

Affected Products

Debian
Lxd
Red Os