Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the command line.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Thu, 02 Oct 2025 09:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the command line. | |
Title | Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server | |
Weaknesses | CWE-290 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: canonical
Published:
Updated: 2025-10-02T13:22:55.575Z
Reserved: 2025-07-18T07:59:07.917Z
Link: CVE-2025-54288

No data.

Status : Received
Published: 2025-10-02T10:15:38.887
Modified: 2025-10-02T10:15:38.887
Link: CVE-2025-54288

No data.

No data.