CVE-2025-54288

CWE-290, 7 documents, 5 sources
Severity: 5.1 MEDIUM
EPSS: 0.1% (top 82.71%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 2; Latest update Nov 5

Description

Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the command line.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Affected Packages (5 packages)

CVEListV5    canonical/lxd               6.0      6.5       +1
NVD          canonical/lxd               4.0.0    5.21.4    +1
Go           github.com/canonical/lxd    4.0      5.21.4    +2
Debian       lxd                         < 5.0.2-5+deb12u1  +1
Debian       incus                       < 6.0.4-2+deb13u1  +1

Vulnerability Details (5)

OSV: Canonical LXD Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server in github.com/canonical/lxd (2025-11-05)
OSV: CVE-2025-54288: Information Spoofing in devLXD Server in Canonical LXD versions 4 (2025-10-02)
CVEList: Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server (2025-10-02)
OSV: Canonical LXD Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server (2025-10-02)
GHSA: Canonical LXD Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server (2025-10-02)

Vendor Advisories (1)

Debian: CVE-2025-54288: incus - Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on... (2025)