DEBIAN-CVE-2025-54293

DEBIAN-CVE-2025-54293 PUBLISHED CVSS 6.5 MEDIUM

Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links.

Risk Scores

CVSS 3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:13	lxd	0, *, 0
Debian:13	incus	0, 6.0.4-2, 6.0.4-2
Debian:12	lxd	5.0.2-5, 0, 5.0.2-5
Debian:14	incus	0, 6.0.4-2, 6.0.4-3

Timeline

Oct 2, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-54293 advisory

Open in Interactive Console →