Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication.
Advisories
Source ID Title
Debian DSA Debian DSA DSA-6027-1 incus security update
Debian DSA Debian DSA DSA-6028-1 lxd security update
EUVD EUVD EUVD-2025-32099 Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication.
Github GHSA Github GHSA GHSA-p8hw-rfjg-689h Canonical LXD CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 22 Oct 2025 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Linux linux Kernel
CPEs cpe:2.3:a:canonical:lxd:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Vendors & Products Linux linux Kernel
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


Fri, 03 Oct 2025 08:30:00 +0000

Type Values Removed Values Added
First Time appeared Canonical
Canonical lxd
Linux
Linux linux
Vendors & Products Canonical
Canonical lxd
Linux
Linux linux

Thu, 02 Oct 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 02 Oct 2025 09:30:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication.
Title CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI
Weaknesses CWE-352
References
Metrics cvssV4_0

{'score': 7.5, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: canonical

Published:

Updated: 2025-10-03T03:55:38.219Z

Reserved: 2025-07-18T07:59:07.916Z

Link: CVE-2025-54286

cve-icon Vulnrichment

Updated: 2025-10-02T13:28:06.576Z

cve-icon NVD

Status : Analyzed

Published: 2025-10-02T10:15:38.427

Modified: 2025-10-22T15:47:31.957

Link: CVE-2025-54286

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-10-03T08:22:59Z