CVE-2025-54288

6.8 MEDIUM

📋 TL;DR

This vulnerability allows attackers with root privileges inside any LXD container to spoof their process names to impersonate other containers. This enables them to access metadata, configuration, and device information from those containers. Affected systems are Canonical LXD installations version 4.0 and above on Linux container platforms.

💻 Affected Systems

Products:
  • Canonical LXD
Versions: 4.0 and above
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires root privileges within a container to exploit. Only affects LXD installations with multiple containers.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with container root access could map all container configurations, identify sensitive data locations, and potentially escalate privileges by accessing privileged container information.

🟠 Likely Case

Malicious container users can gather intelligence about other containers on the same host, potentially identifying targets for further attacks or exfiltrating configuration data.

🟢 If Mitigated

With proper container isolation and monitoring, the impact is limited to information disclosure within the container environment without direct system compromise.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires root access within a container. The advisory provides technical details but no public exploit code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check latest LXD releases for specific patched version

Vendor Advisory: https://github.com/canonical/lxd/security/advisories/GHSA-7232-97c6-j525

Restart Required: Yes

Instructions:

1. Update LXD to the latest patched version.
2. Restart LXD service.
3. Verify the fix by checking version.

🔧 Temporary Workarounds

Restrict container privileges

linux

Limit container root access and implement strict container isolation policies

lxc config set <container> security.privileged false
lxc config set <container> security.nesting false
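
An added example (not from the advisory or the LXD project) that audits the two settings named in the workaround above across all instances. The function names and the sample rows are constructed for illustration; the rows use the assumed format `<container>,<security.privileged>,<security.nesting>`.

```shell
#!/bin/sh
# Audit the two keys from the workaround: security.privileged and
# security.nesting. An empty value means the key is unset on the instance.

# Emit one CSV row per instance using the lxc client.
# Note: `lxc config get` reads instance-local keys only; values inherited
# from a profile need the expanded view (`lxc config show --expanded`).
collect_lxd_settings() {
    lxc list --format csv -c n | while IFS= read -r name; do
        priv=$(lxc config get "$name" security.privileged)
        nest=$(lxc config get "$name" security.nesting)
        printf '%s,%s,%s\n' "$name" "$priv" "$nest"
    done
}

# Constructed sample rows so the audit logic can be exercised offline.
sample_rows() {
    printf '%s\n' 'web01,,' 'build02,true,' 'ci03,false,true' 'legacy04,true,true'
}

# Print a finding when a value is one of the spellings treated here as true.
report_if_enabled() {  # args: <container> <key> <value>
    case "$3" in
        true|1|yes|on) echo "FINDING $1 $2=$3"; return 0 ;;
    esac
    return 1
}

# Read CSV rows on stdin and print one finding per enabled setting.
# Returns 0 when no instance deviates from the workaround, 1 otherwise.
audit_lxd_hardening() {
    findings=0
    while IFS=, read -r name priv nest; do
        [ -n "$name" ] || continue   # skip blank lines
        if report_if_enabled "$name" security.privileged "$priv"; then
            findings=$((findings + 1))
        fi
        if report_if_enabled "$name" security.nesting "$nest"; then
            findings=$((findings + 1))
        fi
    done
    echo "TOTAL $findings"
    [ "$findings" -eq 0 ]
}

# On an LXD host:  collect_lxd_settings | audit_lxd_hardening
# Offline check:   sample_rows | audit_lxd_hardening
```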

🧯 If You Can't Patch

  • Implement strict container isolation and monitoring
  • Limit container-to-container communication and access

🔍 How to Verify

Check if Vulnerable:

Check the LXD version with lxd --version. If the version is 4.0 or higher and has not been updated to a patched release, the system is vulnerable.

Check Version:

lxd --version

Verify Fix Applied:

Verify that the LXD version is updated to a patched release and confirm that container impersonation attempts fail.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process name patterns in container logs
  • Multiple containers accessing similar metadata endpoints

Network Indicators:

  • Abnormal container-to-container communication patterns

SIEM Query:

Processes with spoofed container names in LXD logs
