CVE-2025-54293

CWE-22 Path Traversal | 7 documents | 5 sources
Severity: 7.1 HIGH
EPSS: 0.1% (top 79.81%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 2, latest update Nov 5

Description

Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages (5 packages)

CVEListV5 | canonical/lxd | 5.21 | 5.21.4 | +1
NVD | canonical/lxd | 4.0.0 | 5.21.4 | +1
Go | github.com/canonical/lxd | 4.0 | 5.21.4 | +2
Debian | lxd | < 5.0.2-5+deb12u1 | +1
Debian | incus | < 6.0.4-2+deb13u1 | +1

🔴 Vulnerability Details (5)

OSV: Canonical LXD Path Traversal Vulnerability in Instance Log File Retrieval Function in github.com/canonical/lxd (2025-11-05)
OSV: CVE-2025-54293: Path Traversal in the log file retrieval function in Canonical LXD 5 (2025-10-02)
GHSA: Canonical LXD Path Traversal Vulnerability in Instance Log File Retrieval Function (2025-10-02)
CVEList: Path Traversal in LXD Instance Log File Retrieval (2025-10-02)
OSV: Canonical LXD Path Traversal Vulnerability in Instance Log File Retrieval Function (2025-10-02)

📋 Vendor Advisories (1)

Debian: CVE-2025-54293: incus - Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Li... (2025)