What is the CVSS score of EUVD-2025-33223?

EUVD-2025-33223 has a CVSS 3.1 base score of 4.6 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of Ubuntu are affected by EUVD-2025-33223?

Organizations using Canonical LXD LXD-UI should be aware of moderate risk from CVE-2025-54292, a path traversal vulnerability rated CVSS 4.6. This could allow unauthorized file access.. A patch is available.

Is there a public PoC exploit available for EUVD-2025-33223?

Yes, a public proof-of-concept exploit is available for EUVD-2025-33223. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate EUVD-2025-33223?

Within 30 days: Identify affected systems running Canonical LXD LXD-UI and apply vendor patches as part of regular patch cycle. Review file handling controls.

Ubuntu EUVD-2025-33223

| CVE-2025-54292 MEDIUM

Path Traversal (CWE-22)

2025-10-02 security@ubuntu.com

Path Traversal Ubuntu Lxd Suse

4.6

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

4.6 MEDIUM

AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Ubuntu

MEDIUM

qualitative

SUSE

MEDIUM

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

6.5,5.21.4

EUVD ID Assigned

Mar 13, 2026 - 19:12 euvd

EUVD-2025-33223

Analysis Generated

Mar 13, 2026 - 19:12 vuln.today

PoC Detected

Dec 10, 2025 - 19:29 vuln.today

Public exploit code

CVE Published

Oct 02, 2025 - 10:15 nvd

MEDIUM 4.6

DescriptionCVE.org

Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths.

Analysis

Technical ContextAI

Path traversal allows an attacker to access files outside the intended directory by manipulating file paths with sequences like '../'.

RemediationAI

Validate and sanitize file path inputs. Use a whitelist of allowed files or directories. Implement chroot jails or containerization.

Vendor StatusVendor

Ubuntu

Priority: Medium

lxd

Release	Status	Version
jammy	DNE	-
noble	DNE	-
plucky	DNE	-
upstream	needs-triage	-
bionic	not-affected	no web UI
focal	not-affected	installs LXD snap
xenial	not-affected	no web UI
questing	DNE	-

SUSE

Severity: Medium

EUVD-2025-33223 vulnerability details – vuln.today

Back

Ubuntu EUVD-2025-33223

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

Vendor StatusVendor

Ubuntu

SUSE

Share

External POC / Exploit Code