
Description

Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links.

PUBLISHED Reserved 2025-07-18 | Published 2025-10-02 | Updated 2025-10-02 | Assigner canonical




HIGH: 7.1 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status: unaffected

6.0 before 6.5: affected

5.21 before 5.21.4: affected

Credits

GMO Flatt Security Inc.

References

github.com/...al/lxd/security/advisories/GHSA-472f-vmf2-pr3h

cve.org (CVE-2025-54293)

nvd.nist.gov (CVE-2025-54293)
