CVE-2025-54292

EUVD-2025-33223 | MEDIUM 4.6 (CVSS 3.1) | 2025-10-02

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None

Lifecycle Timeline

EUVD ID Assigned: Mar 13, 2026 - 19:12 (euvd): EUVD-2025-33223
Analysis Generated: Mar 13, 2026 - 19:12 (vuln.today)
PoC Detected: Dec 10, 2025 - 19:29 (vuln.today): Public exploit code
CVE Published: Oct 02, 2025 - 10:15 (nvd): MEDIUM 4.6

Description

Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths.

Technical Context

Path traversal allows an attacker to access files outside the intended directory by manipulating file paths with sequences like '../'.

Affected Products

Affected products: Canonical LXD

Remediation

Validate and sanitize file path inputs. Use a whitelist of allowed files or directories. Implement chroot jails or containerization.

Priority Score

43
KEV: 0
EPSS: +0.0
CVSS: +23
POC: +20

Vendor Status

Ubuntu

Priority: Medium
lxd
Release    Status          Version
jammy      DNE             -
noble      DNE             -
plucky     DNE             -
upstream   needs-triage    -
bionic     not-affected    no web UI
focal      not-affected    installs LXD snap
xenial     not-affected    no web UI
questing   DNE             -
