VDB

DEBIAN-CVE-2025-54289

DEBIAN-CVE-2025-54289 PUBLISHED CVSS 8.100000381469727 HIGH

Privilege Escalation in operations API in Canonical LXD <6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format

Risk Scores

CVSS v3.1
8.100000381469727
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Products

VendorProductVersions
Debian:12lxd5.0.2-6, 5.0.2+git20231211.1364ae4-8, 5.0.2+git20231211.1364ae4-9
Debian:14incus6.0.4-3, 6.0.4-2, 0
Debian:13incus6.0.4-2, 6.0.4-2+deb13u1~bpo12+1, 0
Debian:13lxd5.0.2+git20231211.1364ae4-9, 5.0.2+git20231211.1364ae4-9+deb13u1, 5.0.2+git20231211.1364ae4-9+deb13u2

Timeline

  • Oct 2, 2025 CVE Published
  • Apr 28, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›