CVE-2025-54292

CWE-22Path Traversal3 documents3 sources
Severity
4.8MEDIUM
EPSS
0.0%
top 89.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Canonical LXD
Timeline
PublishedOct 2

Description

Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5canonical/lxd5.215.21.4+1
NVDcanonical/lxd5.0.05.21.4+1

🔴Vulnerability Details

2
CVEList
Client-Side Path Traversal in LXD-UI2025-10-02
OSV
CVE-2025-54292: Path traversal in Canonical LXD LXD-UI versions before 62025-10-02
CVE-2025-54292 (MEDIUM CVSS 4.8) | Path traversal in Canonical LXD LXD | cvebase.io