Path Traversal in LXD Instance Log File Retrieval_CVE-2025-54293

7.1 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links.

Basic Information

ID CVE-2025-54293

Source canonical

Published Oct 2, 2025 at 10:43

Affected Product

Vendor Canonical

Product LXD

Version 6.0

Affected Versions Canonical LXD 6.0
Canonical LXD 5.21

CWE Classification

CWE-22

References

github.com /canonical/lxd/security/advisories/GHSA-472f-vmf2-pr3h

{
    "lastseen": "",
    "description": "Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links.",
    "published": "2025-10-02T10:43:58.246Z",
    "modified": "2025-10-02T10:43:58.246Z",
    "type": "cve",
    "title": "Path Traversal in LXD Instance Log File Retrieval",
    "source": "canonical",
    "references": "https://github.com/canonical/lxd/security/advisories/GHSA-472f-vmf2-pr3h",
    "id": "CVE-2025-54293",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "Canonical LXD 6.0\nCanonical LXD 5.21",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "LXD",
    "version": "6.0",
    "vendor": "Canonical",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}