Vulnerability Details CVE-2025-54292
Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.9%
CVSS Severity
CVSS v3 Score 4.6
References
Products affected by CVE-2025-54292
-
cpe:2.3:a:canonical:lxd:5.0.0
-
cpe:2.3:a:canonical:lxd:5.0.1
-
cpe:2.3:a:canonical:lxd:5.0.2
-
cpe:2.3:a:canonical:lxd:5.0.3
-
cpe:2.3:a:canonical:lxd:5.0.4
-
cpe:2.3:a:canonical:lxd:5.1
-
cpe:2.3:a:canonical:lxd:5.10
-
cpe:2.3:a:canonical:lxd:5.11
-
cpe:2.3:a:canonical:lxd:5.12
-
cpe:2.3:a:canonical:lxd:5.13
-
cpe:2.3:a:canonical:lxd:5.14
-
cpe:2.3:a:canonical:lxd:5.15
-
cpe:2.3:a:canonical:lxd:5.16
-
cpe:2.3:a:canonical:lxd:5.17
-
cpe:2.3:a:canonical:lxd:5.18
-
cpe:2.3:a:canonical:lxd:5.19
-
cpe:2.3:a:canonical:lxd:5.2
-
cpe:2.3:a:canonical:lxd:5.20
-
cpe:2.3:a:canonical:lxd:5.21.0
-
cpe:2.3:a:canonical:lxd:5.21.1
-
cpe:2.3:a:canonical:lxd:5.21.2
-
cpe:2.3:a:canonical:lxd:5.21.3
-
cpe:2.3:a:canonical:lxd:5.3
-
cpe:2.3:a:canonical:lxd:5.4
-
cpe:2.3:a:canonical:lxd:5.5
-
cpe:2.3:a:canonical:lxd:5.6
-
cpe:2.3:a:canonical:lxd:5.7
-
cpe:2.3:a:canonical:lxd:5.8
-
cpe:2.3:a:canonical:lxd:5.9
-
cpe:2.3:a:canonical:lxd:6.1
-
cpe:2.3:a:canonical:lxd:6.2
-
cpe:2.3:a:canonical:lxd:6.3
-
cpe:2.3:a:canonical:lxd:6.4