CVE-2025-54290
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-02
Last updated on: 2025-10-24
Assigner: Canonical Ltd.
Description
Description
Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| canonical | lxd | From 4.0.0 (inc) to 5.21.4 (exc) |
| canonical | lxd | From 6.1 (inc) to 6.5 (exc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an information disclosure issue in the image export API of Canonical LXD versions before 6.5 and 5.21.4 on Linux. It allows network attackers to determine the existence of projects without authentication by sending specially crafted requests using wildcard fingerprints.
How can this vulnerability impact me? :
The vulnerability can allow an unauthenticated network attacker to discover whether certain projects exist on the affected LXD system. This information disclosure could potentially be used to aid further attacks or reconnaissance.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70