Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
5DescriptionCVE.org
Privilege Escalation in operations API in Canonical LXD <6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format
Analysis
Privilege Escalation in operations API in Canonical LXD <6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format
Technical ContextAI
Privilege escalation allows a low-privileged user or process to gain elevated permissions beyond what was originally authorized.
RemediationAI
Apply the principle of least privilege. Keep systems patched. Monitor for suspicious privilege changes. Use mandatory access controls (SELinux, AppArmor).
Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and s
Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attack
Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attacker
A arbitrary file access vulnerability (CVSS 6.5) that allows an attacker with instance configuration permissions. Risk
Cross-guest storage-volume hijacking in Canonical LXD 6.6 through 6.8 lets an untrusted guest instance mount, read, and
Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to d
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remo
Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attac
Canonical LXD 6.6 on Linux contains an authorization bypass in the GET /1.0/certificates API endpoint that allows authen
Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust
Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was prese
Privilege escalation in Canonical LXD (versions 6.0-6.8, 5.21.0-5.21.4, and 5.0.0-5.0.6) allows an authenticated project
Same weakness CWE-1385 – Missing Origin Validation in WebSockets
View allSame technique Privilege Escalation
View allVendor StatusVendor
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| jammy | DNE | - |
| noble | DNE | - |
| plucky | DNE | - |
| upstream | needs-triage | - |
| bionic | ignored | backporting risks regressions |
| focal | not-affected | installs LXD snap |
| xenial | ignored | backporting risks regressions |
| questing | DNE | - |
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| trixie | fixed | 6.0.4-2+deb13u1 | - |
| trixie (security) | fixed | 6.0.4-2+deb13u4 | - |
| forky, sid | fixed | 6.0.5-8 | - |
| (unstable) | fixed | 6.0.5-1 | - |
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bookworm | vulnerable | 5.0.2-5+deb12u2 | - |
| bookworm (security) | vulnerable | 5.0.2-5+deb12u3 | - |
| trixie | vulnerable | 5.0.2+git20231211.1364ae4-9+deb13u2 | - |
| trixie (security) | vulnerable | 5.0.2+git20231211.1364ae4-9+deb13u3 | - |
| (unstable) | fixed | (unfixed) | - |
SUSE
Severity: High| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-32638
GHSA-3g72-chj4-2228