CVE-2025-54293

6.5 MEDIUM

📋 TL;DR

This path traversal vulnerability in Canonical LXD 5.0 LTS lets an authenticated remote attacker read arbitrary files on the host by supplying a crafted log file name or by planting a symbolic link that the log handling code follows. Because the LXD daemon runs as root, any file on the host is within reach once the traversal succeeds. Exploitation requires an authenticated LXD API client (a trusted TLS client certificate or trust token over the HTTPS listener); it does not require a shell on the host.
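The bug class in plain code, as an added example (not LXD's implementation and not the advisory's proof of concept): a log lookup that joins a client-supplied file name onto the log directory, beside a hardened lookup that rejects separators and '..' and then checks the symlink-resolved path against the directory. The fixture it builds, and the names naive_log_path, safe_log_path, build_fixture and run_cases, are constructed for this example.

```python
import os
import tempfile

# Example code added here, not LXD's own implementation: a generic
# demonstration of the bug class the advisory describes (a user-supplied
# log file name joined onto a log directory) next to a hardened lookup.
# naive_log_path, safe_log_path, build_fixture and run_cases are
# hypothetical names that exist only for this example.


def naive_log_path(log_dir: str, name: str) -> str:
    """Vulnerable pattern: trust the client-supplied file name as-is."""
    return os.path.join(log_dir, name)


def safe_log_path(log_dir: str, name: str) -> str:
    """Hardened lookup: reject separators, '..' and NUL, then verify that the
    symlink-resolved target is still inside the log directory."""
    if name in ("", ".", "..") or "/" in name or "\\" in name or "\0" in name:
        raise ValueError(f"invalid log file name: {name!r}")
    base = os.path.realpath(log_dir)
    target = os.path.realpath(os.path.join(base, name))
    # realpath follows symlinks, so a link planted inside log_dir that points
    # outside is caught here; the string check above only stops literal '../'.
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"log file escapes log directory: {name!r}")
    return target


def read_log(log_dir: str, name: str, lookup) -> str:
    """Read a log file through whichever lookup the caller chose."""
    with open(lookup(log_dir, name)) as f:
        return f.read()


def build_fixture() -> str:
    """Constructed layout: <root>/secret (stands in for a host file),
    <root>/logs/lxd.log (a legitimate log) and
    <root>/logs/planted.log -> ../secret (an attacker-controlled symlink)."""
    root = tempfile.mkdtemp()
    log_dir = os.path.join(root, "logs")
    os.mkdir(log_dir)
    with open(os.path.join(root, "secret"), "w") as f:
        f.write("HOST_SECRET")
    with open(os.path.join(log_dir, "lxd.log"), "w") as f:
        f.write("normal log")
    os.symlink(os.path.join("..", "secret"), os.path.join(log_dir, "planted.log"))
    return log_dir


def run_cases(log_dir: str) -> dict:
    """Return what each lookup yields for a legitimate name, a traversal name
    and a symlinked name: the file content, or the name of the error raised."""
    results = {}
    cases = (("legit", "lxd.log"), ("traversal", "../secret"), ("symlink", "planted.log"))
    for label, name in cases:
        for impl_name, impl in (("naive", naive_log_path), ("safe", safe_log_path)):
            try:
                results[(label, impl_name)] = read_log(log_dir, name, impl)
            except (ValueError, OSError) as exc:
                results[(label, impl_name)] = type(exc).__name__
    return results


if __name__ == "__main__":
    for key, value in sorted(run_cases(build_fixture()).items()):
        print(key, "->", value)
```

The two vectors the advisory names map to the two failing cases: a name containing a separator and '..' (stopped by the string check) and a symlink planted inside the log directory (stopped only by the realpath plus commonpath check, which is why a string check on its own is not enough).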

💻 Affected Systems

Products:
  • Canonical LXD
Versions: 5.0 LTS
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes (the vulnerable code is present in every affected 5.0 LTS build; whether it is reachable from the network depends on whether the HTTPS listener is enabled)
Notes: Requires an authenticated LXD API client. A fresh install listens only on the local Unix socket; local users in the lxd group can reach the API there but are root-equivalent by design, so the meaningful exposure is the HTTPS listener (TCP 8443 by default), which is only active once core.https_address has been set.

📦 What is this software?

LXD is Canonical's manager for system containers and virtual machines. It runs as a root daemon that exposes a REST API over a local Unix socket and, when core.https_address is configured, over HTTPS (port 8443 by default) for remote clients authenticated with TLS client certificates or trust tokens. 5.0 is a long-term-support series, shipped on Ubuntu as the lxd snap on the 5.0/stable channel.
⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain full read access to sensitive host files including SSH keys, configuration files, passwords, and other credentials, potentially leading to complete system compromise.

🟠

Likely Case

Attackers read sensitive configuration files, application secrets, or user data stored on the host system, enabling further attacks or data exfiltration.

🟢

If Mitigated

Restricting the HTTPS listener to trusted networks and issuing client certificates only to trusted operators shrinks the set of people who can reach the vulnerable endpoint; it does not constrain what an authenticated client can read, since the daemon runs as root. Only the patch removes the file-read primitive.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: No
Complexity: LOW

Exploitation requires a trusted API client; once that trust exists (for example a client certificate or trust token that has leaked, or a tenant on a shared LXD host who was granted one), the request itself is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.0.1 or later is what this page lists; confirm the exact patched 5.0.x build against the vendor advisory below and treat any 5.0.x release older than that build as vulnerable.

Vendor Advisory: https://github.com/canonical/lxd/security/advisories/GHSA-472f-vmf2-pr3h

Restart Required: Yes (a snap refresh restarts the daemon automatically; running instances are not restarted)

Instructions:

1. Update LXD. On Ubuntu, LXD 5.0 LTS ships as the lxd snap, so refresh it on the 5.0/stable channel with snap refresh; on other distributions use the package or build the vendor publishes for the 5.0 series.
2. Restart the LXD daemon if your package manager did not do so (the snap does).
3. Verify with lxd --version that the running version matches or exceeds the patched build named in the advisory.

🔧 Temporary Workarounds

Restrict LXD API Access

linux

Limit network access to the LXD HTTPS listener (TCP 8443 unless core.https_address names another port) to trusted networks. ufw evaluates rules in order and stops at the first match, so the allow rule must come before the deny rule, not after it:

sudo ufw allow from 192.168.1.0/24 to any port 8443 proto tcp
sudo ufw deny 8443/tcp

Disable Remote API Access

linux

If remote clients are not required, unset the network listener. This takes effect immediately, needs no daemon restart and no re-run of lxd init, and leaves local clients on the Unix socket working (lxc config get core.https_address prints the current value):

sudo lxc config unset core.https_address

🧯 If You Can't Patch

  • Keep the HTTPS listener off, or bound to a management network only, and isolate LXD hosts from systems whose files would matter if read
  • Audit the trust store (lxc config trust list) and remove client certificates you cannot attribute to a current operator; until the patch is applied, treat every trusted client as able to read any file on the host

🔍 How to Verify

Check if Vulnerable:

Run lxd --version. Any 5.0.x version older than the patched build (5.0.1 or later per this page; confirm in the vendor advisory) is vulnerable. On snap installs, snap list lxd also shows the channel (5.0/stable) and revision you are tracking.

Check Version:

lxd --version

Verify Fix Applied:

Run lxd --version again after the update and confirm the reported version is the patched build or newer. If you disabled the network listener as a workaround, lxc config get core.https_address should print an empty value until you deliberately re-enable it.

📡 Detection & Monitoring

Log Indicators:

  • LXD does not record request URLs at its default log level; enable debug logging (sudo snap set lxd daemon.debug=true on snap installs) or place the HTTPS listener behind a reverse proxy with access logs, so that instance log requests (/1.0/instances/<name>/logs/<file>) are recorded together with their file name parameter
  • Requests for log file names that are not the instance's normal log files, or that contain separators, '..' or percent-encoded forms of them
  • New symbolic links appearing inside instance log directories (/var/snap/lxd/common/lxd/logs/<instance>/ on snap installs); the symlink variant looks like an ordinary log read in the request log, so a file-integrity or auditd watch on those directories is the indicator for it
  • A burst of 404s or errors on log endpoints from one client, which is what probing for readable host paths looks like

Network Indicators:

  • API requests to the instance log endpoints whose file name segment decodes to a path containing '..' or a separator; a literal ../ is usually normalised away by the client or the router before the server sees it, so match on %2e%2e, %2f, %5c and double-encoded forms as well as the plain string

SIEM Query:

source="lxd" AND uri="*/logs/*" AND (uri="*..*" OR uri="*%2e%2e*" OR uri="*%2E%2E*" OR uri="*%252e*")
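Detection logic implementing the indicators above, as an added example that is not LXD's own code: the request records in SAMPLE_LOG are constructed in a generic timestamp, client, method, path, status layout rather than LXD's log format, and scan_log, suspicious_reasons and decode_fully are names invented for this example. It percent-decodes the file name segment of instance log requests repeatedly before looking for traversal, so double-encoded payloads are caught too.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Example detection logic added here (not LXD's own code or log format).
# It scans request records for traversal attempts against the instance
# log endpoint, /1.0/instances/<name>/logs/<file>. The records below are
# CONSTRUCTED in a generic "timestamp client method path status" shape;
# map the field order to whatever your proxy or LXD debug log emits.

SAMPLE_LOG = """\
2025-08-01T10:00:01Z 203.0.113.5 GET /1.0/instances/web1/logs/lxc.log 200
2025-08-01T10:00:02Z 203.0.113.5 GET /1.0/instances/web1/logs/..%2F..%2F..%2Fetc%2Fshadow 200
2025-08-01T10:00:03Z 203.0.113.5 GET /1.0/instances/web1/logs/%252e%252e%252fetc%252fpasswd 200
2025-08-01T10:00:04Z 198.51.100.9 GET /1.0/instances/db1/logs 200
2025-08-01T10:00:05Z 198.51.100.9 GET /1.0/instances/db1/logs/planted.log 200
2025-08-01T10:00:06Z 198.51.100.9 DELETE /1.0/instances/db1/logs/..%5C..%5Cetc%5Cshadow 404
"""

RECORD = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")
LOG_ENDPOINT = re.compile(r"^/1\.0/instances/([^/]+)/logs/(.+)$")


def decode_fully(value: str, max_rounds: int = 4) -> str:
    """Percent-decode repeatedly so a double-encoded %252e%252e still becomes '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_reasons(raw_name: str) -> list:
    """Why a log file name looks like traversal; an empty list means it looks benign."""
    name = decode_fully(raw_name)
    reasons = []
    # Treat backslashes as separators too, so ..%5C..%5C variants are caught.
    segments = name.replace("\\", "/").split("/")
    if ".." in segments:
        reasons.append("dot-dot segment")
    if "/" in name or "\\" in name:
        reasons.append("path separator in file name")
    if "\x00" in name:
        reasons.append("NUL byte")
    if name != raw_name and reasons:
        reasons.append("hidden behind percent-encoding")
    return reasons


def scan_log(text: str):
    """Return (flagged_records, hits_per_client) for the records in text."""
    flagged = []
    per_client = Counter()
    for line in text.splitlines():
        m = RECORD.match(line)
        if not m:
            continue
        ts, client, method, path, status = m.groups()
        ep = LOG_ENDPOINT.match(path.split("?", 1)[0])
        if not ep:
            continue  # not an instance log file request
        instance, raw_name = ep.groups()
        reasons = suspicious_reasons(raw_name)
        if reasons:
            flagged.append({"time": ts, "client": client, "method": method,
                            "instance": instance, "name": decode_fully(raw_name),
                            "status": int(status), "reasons": reasons})
            per_client[client] += 1
    return flagged, per_client


if __name__ == "__main__":
    hits, clients = scan_log(SAMPLE_LOG)
    for h in hits:
        print(h["time"], h["client"], h["method"], h["instance"],
              repr(h["name"]), h["status"], ", ".join(h["reasons"]))
    print("hits per client:", dict(clients))
```

The planted.log line is deliberately not flagged: the symlink variant is indistinguishable from a normal log read at the HTTP layer, which is why the file-system indicator on instance log directories matters alongside request matching.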

🔗 References

Vendor advisory (GHSA-472f-vmf2-pr3h): https://github.com/canonical/lxd/security/advisories/GHSA-472f-vmf2-pr3h