
Vulnerability Details CVE-2025-54286

Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.4%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2025-54286
  • Canonical » Lxd » Version: 5.0.0
    cpe:2.3:a:canonical:lxd:5.0.0
  • Canonical » Lxd » Version: 5.0.1
    cpe:2.3:a:canonical:lxd:5.0.1
  • Canonical » Lxd » Version: 5.0.2
    cpe:2.3:a:canonical:lxd:5.0.2
  • Canonical » Lxd » Version: 5.0.3
    cpe:2.3:a:canonical:lxd:5.0.3
  • Canonical » Lxd » Version: 5.0.4
    cpe:2.3:a:canonical:lxd:5.0.4
  • Canonical » Lxd » Version: 5.21.0
    cpe:2.3:a:canonical:lxd:5.21.0
  • Canonical » Lxd » Version: 5.21.1
    cpe:2.3:a:canonical:lxd:5.21.1
  • Canonical » Lxd » Version: 5.21.2
    cpe:2.3:a:canonical:lxd:5.21.2
  • Canonical » Lxd » Version: 5.21.3
    cpe:2.3:a:canonical:lxd:5.21.3
  • Canonical » Lxd » Version: 6.1
    cpe:2.3:a:canonical:lxd:6.1
  • Canonical » Lxd » Version: 6.2
    cpe:2.3:a:canonical:lxd:6.2
  • Canonical » Lxd » Version: 6.3
    cpe:2.3:a:canonical:lxd:6.3
  • Canonical » Lxd » Version: 6.4
    cpe:2.3:a:canonical:lxd:6.4
  • Linux » Linux Kernel » Version: N/A
    cpe:2.3:o:linux:linux_kernel:-

