Privilege escalation in Lxc Incus
CVE-2025-64507
Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage…
Vulnerability class: Privilege Escalation
EPSS: 0.000 (8.0th percentile)
Affected products
- Lxc Incus — versions < 6.0.6, and versions >= 6.1.0 and < 6.19.0
Weakness classification (CWE)
References
- https://github.com/lxc/incus/security/advisories/GHSA-56mx-8g9f-5crf (x_refsource_CONFIRM)
- https://github.com/lxc/incus/issues/2641 (x_refsource_MISC)
- https://github.com/lxc/incus/pull/2642 (x_refsource_MISC)