Vulnerability in Canonical LXD

CVE-2025-54288

Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration…

EPSS: 0.001 (18.8th percentile)

Frequently asked questions

What is CVE-2025-54288?
CVE-2025-54288 is a vulnerability in Canonical LXD, classified under Authentication Bypass by Spoofing. Published 2025-10-02.
Is CVE-2025-54288 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.