Info Disclosure in Canonical LXD Image Export API (pre-6.5/5.21.4)
CVE-2025-54290 Published on October 2, 2025
Project Existence Disclosure via Error Handling in LXD Image Export
Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2025-54290 has been classified to as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2025-54290
Want to know whenever a new CVE is published for Canonical Lxd? stack.watch will email you.
Affected Versions
Canonical LXD:- Version 6.0 and below 6.5 is affected.
- Version 5.21 and below 5.21.4 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.