CVE-2025-54288

Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server

CVSS 5.1 MEDIUM · EPSS 0.3% · CWE-290
Vexday Risk Score
13 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.1 · EPSS 0.3% · KEV no · PoC · Nuclei · Metasploit · Patch
Lifecycle
02 Oct 2025 · Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the command line.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
Affected products
Canonical · LXD
