CVE-2025-54292

EPSS 0.04%

Published: 10/2/2025Modified: 11/4/2025

Description

Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths.

Affected packages (2)

Debian/incusfrom 0
Debian/lxdfrom 0

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-54292