CVE-2025-54293
Path Traversal in LXD Instance Log File Retrieval
In short
An authenticated attacker can read any file on the server by manipulating log file names in LXD 5.0 LTS. This bypasses normal access controls and exposes sensitive data.
Technical detail
Path traversal vulnerability in LXD 5.0 LTS log retrieval allows authenticated remote attackers to escape the intended log directory via crafted filenames or symlink exploitation, enabling arbitrary file read access on the host system. Requires valid authentication credentials; impacts confidentiality of all accessible files.
Summary generated and translated by AI from the official description.
Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
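The two vectors named in the description, crafted log file names and symbolic links, each need their own check. The following is an added example, not LXD's code or its fix; `resolveLogFile`, the directory layout and the file names are hypothetical and the sample files are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

var errUnsafeLog = errors.New("log name escapes the log directory")

// resolveLogFile (hypothetical helper) maps a client-supplied log name to a
// file that really lives directly inside logDir, or returns an error.
func resolveLogFile(logDir, name string) (string, error) {
	// Crafted names: accept a single path component only.
	if name == "" || name == "." || name == ".." || strings.ContainsAny(name, "/\\\x00") {
		return "", errUnsafeLog
	}
	// Symlinks: resolve both sides, then re-check containment on the real path.
	root, err := filepath.EvalSymlinks(logDir)
	if err != nil {
		return "", err
	}
	target, err := filepath.EvalSymlinks(filepath.Join(root, name))
	if err != nil || filepath.Dir(target) != root {
		return "", errUnsafeLog
	}
	return target, nil
}

// constructedCases builds a throwaway directory tree (constructed sample
// data) and reports which requested names are accepted.
func constructedCases() map[string]bool {
	base, err := os.MkdirTemp("", "logdemo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(base)
	logs := filepath.Join(base, "logs")
	os.Mkdir(logs, 0o700)
	os.WriteFile(filepath.Join(base, "secret"), []byte("host data"), 0o600)
	os.WriteFile(filepath.Join(logs, "instance.log"), []byte("ok"), 0o600)
	os.Symlink(filepath.Join(base, "secret"), filepath.Join(logs, "link.log"))
	out := map[string]bool{}
	for _, n := range []string{"instance.log", "../secret", "link.log", ".."} {
		_, err := resolveLogFile(logs, n)
		out[n] = err == nil
	}
	return out
}

func main() { fmt.Println(constructedCases()) }
```

A resolve-then-open check still leaves a window in which the path can be swapped before the file is opened, so the open itself should also refuse to follow links.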
Affected products
Canonical · LXD