Metrics
Affected Vendors & Products
| Source | ID | Title |
|---|---|---|
Debian DSA |
DSA-6027-1 | incus security update |
Debian DSA |
DSA-6028-1 | lxd security update |
EUVD |
EUVD-2025-32097 | Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the command line. |
Github GHSA |
GHSA-7232-97c6-j525 | Canonical LXD Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server |
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Fri, 24 Oct 2025 14:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Linux linux Kernel
|
|
| CPEs | cpe:2.3:a:canonical:lxd:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
|
| Vendors & Products |
Linux linux Kernel
|
|
| Metrics |
cvssV3_1
|
Fri, 03 Oct 2025 08:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Canonical
Canonical lxd Linux Linux linux |
|
| Vendors & Products |
Canonical
Canonical lxd Linux Linux linux |
Thu, 02 Oct 2025 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 02 Oct 2025 09:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the command line. | |
| Title | Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server | |
| Weaknesses | CWE-290 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: canonical
Published:
Updated: 2025-10-02T13:22:55.575Z
Reserved: 2025-07-18T07:59:07.917Z
Link: CVE-2025-54288
Updated: 2025-10-02T13:22:45.355Z
Status : Analyzed
Published: 2025-10-02T10:15:38.887
Modified: 2025-10-24T14:44:18.773
Link: CVE-2025-54288
No data.
OpenCVE Enrichment
Updated: 2025-10-03T08:22:56Z
Debian DSA
EUVD
Github GHSA