Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Thu, 02 Oct 2025 09:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication. | |
Title | CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI | |
Weaknesses | CWE-352 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: canonical
Published:
Updated: 2025-10-02T13:28:14.799Z
Reserved: 2025-07-18T07:59:07.916Z
Link: CVE-2025-54286

No data.

Status : Received
Published: 2025-10-02T10:15:38.427
Modified: 2025-10-02T10:15:38.427
Link: CVE-2025-54286

No data.

No data.