Project existence disclosure in LXD images API_CVE-2025-54291

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses.

Basic Information

ID CVE-2025-54291

Source canonical

Published Oct 2, 2025 at 09:25

Affected Product

Vendor Canonical

Product LXD

Version 6.0

Affected Versions Canonical LXD 6.0
Canonical LXD 5.21

CWE Classification

CWE-209

References

github.com /canonical/lxd/security/advisories/GHSA-xch9-h8qw-85c7

{
    "lastseen": "",
    "description": "Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses.",
    "published": "2025-10-02T09:25:42.466Z",
    "modified": "2025-10-02T09:25:42.466Z",
    "type": "cve",
    "title": "Project existence disclosure in LXD images API",
    "source": "canonical",
    "references": "https://github.com/canonical/lxd/security/advisories/GHSA-xch9-h8qw-85c7",
    "id": "CVE-2025-54291",
    "bulletinFamily": "",
    "cwe": [
        "CWE-209"
    ],
    "cvelist": null,
    "sourceData": "Canonical LXD 6.0\nCanonical LXD 5.21",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "LXD",
    "version": "6.0",
    "vendor": "Canonical",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}