Vulnerability Database

313,495

Total vulnerabilities in the database

CVE-2025-54291

Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses.

Published: Oct 2, 2025
Updated: Dec 15, 2025
CVE: CVE-2025-54291
GHSA: GHSA-xch9-h8qw-85c7
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-209

OWASP TOP 10:

A6 - Security Misconfiguration

Affected Software
References

Software	From	Fixed in
github.com/canonical/lxd	4.0	5.21.4
github.com/canonical/lxd	6.0	6.5
github.com/canonical/lxd	0.0.0-20200331193331-03aab09f5b5c	0.0.0-20250827065555-0494f5d47e41
canonical / lxd	4.0.0	5.21.4
canonical / lxd	6.1	6.5

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo