Information Spoofing in Canonical LXD 4.0+ via devLXD Server
CVE-2025-54288 Published on October 2, 2025
Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server
Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the command line.
Weakness Type
Authentication Bypass by Spoofing
This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.
Products Associated with CVE-2025-54288
Affected Versions
Canonical LXD:
- Versions 6.0 and above, below 6.5, are affected.
- Versions 5.21 and above, below 5.21.4, are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.