Vulnerability Database

313,495

Total vulnerabilities in the database

CVE-2025-54288

Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the command line.

Published: Oct 2, 2025
Updated: Dec 15, 2025
CVE: CVE-2025-54288
GHSA: GHSA-7232-97c6-j525
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

CWEs:

CWE-290

Affected Software
References

Software	From	Fixed in
github.com/canonical/lxd	4.0	5.21.4
github.com/canonical/lxd	6.0	6.5
github.com/canonical/lxd	0.0.0-20200331193331-03aab09f5b5c	0.0.0-20250827065555-0494f5d47e41
canonical / lxd	4.0.0	5.21.4
canonical / lxd	6.1	6.5

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo