← voltar
CVE-2025-54288

Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server

CVSS 5.1 MEDIUMEPSS 0.3%CWE-290
Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the command line.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
Produtos afetados
Canonical · LXD

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/canonical/lxd/security/advisories/GHSA-7232-97c6-j525