CVE-2025-54286
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-02
Last updated on: 2025-10-22
Assigner: Canonical Ltd.
Description
Description
Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| canonical | lxd | From 5.0.0 (inc) to 5.0.5 (exc) |
| canonical | lxd | From 5.21.0 (inc) to 5.21.4 (exc) |
| canonical | lxd | From 6.1 (inc) to 6.5 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
