CVE-2025-54288
BaseFortify
Publication date: 2025-10-02
Last updated on: 2025-10-24
Assigner: Canonical Ltd.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| canonical | lxd | From 4.0.0 (inc) to 5.21.4 (exc) |
| canonical | lxd | From 6.1 (inc) to 6.5 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-290 | This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Information Spoofing issue in the devLXD Server of Canonical LXD versions 4.0 and above on Linux container platforms. It allows attackers who have root privileges inside any container to impersonate other containers by spoofing process names in the command line. Through this, they can obtain metadata, configuration, and device information of those other containers.
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker with root access inside a container to impersonate other containers and access sensitive information such as their metadata, configuration, and device details. This could lead to unauthorized information disclosure and potentially further attacks within the container environment.