Vulnerability Details CVE-2025-54286
Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.4%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2025-54286
-
cpe:2.3:a:canonical:lxd:5.0.0
-
cpe:2.3:a:canonical:lxd:5.0.1
-
cpe:2.3:a:canonical:lxd:5.0.2
-
cpe:2.3:a:canonical:lxd:5.0.3
-
cpe:2.3:a:canonical:lxd:5.0.4
-
cpe:2.3:a:canonical:lxd:5.21.0
-
cpe:2.3:a:canonical:lxd:5.21.1
-
cpe:2.3:a:canonical:lxd:5.21.2
-
cpe:2.3:a:canonical:lxd:5.21.3
-
cpe:2.3:a:canonical:lxd:6.1
-
cpe:2.3:a:canonical:lxd:6.2
-
cpe:2.3:a:canonical:lxd:6.3
-
cpe:2.3:a:canonical:lxd:6.4
-
cpe:2.3:o:linux:linux_kernel:-