CVE-2025-54292 MEDIUM

CVE-2025-54292: Client-Side Path Traversal in LXD-UI

Vendor Canonical
Product LXD
Weakness CWE-22 · Path traversal
Published October 2, 2025
Last update October 2, 2025

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths.

Key dates

02 Disclosure timeline

October 2, 2025 CVE published
October 2, 2025 Record updated