Metrics
Affected Vendors & Products
| Source | ID | Title |
|---|---|---|
Debian DSA |
DSA-6027-1 | incus security update |
EUVD |
EUVD-2025-32096 | Privilege Escalation in operations API in Canonical LXD 6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format |
Github GHSA |
GHSA-3g72-chj4-2228 | Canonical LXD Vulnerable to Privilege Escalation via WebSocket Connection Hijacking in Operations API |
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Fri, 24 Oct 2025 14:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:canonical:lxd:*:*:*:*:*:*:*:* | |
| Metrics |
cvssV3_1
|
Fri, 03 Oct 2025 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Privilege Escalation in operations API in Canonical LXD 6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format | Privilege Escalation in operations API in Canonical LXD <6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format |
Fri, 03 Oct 2025 08:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Canonical
Canonical lxd |
|
| Vendors & Products |
Canonical
Canonical lxd |
Thu, 02 Oct 2025 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 02 Oct 2025 09:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Privilege Escalation in operations API in Canonical LXD 6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format | |
| Title | Privilege Escalation via WebSocket Connection Hijacking in LXD Operations API | |
| Weaknesses | CWE-1385 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: canonical
Published:
Updated: 2025-10-03T13:15:54.374Z
Reserved: 2025-07-18T07:59:07.917Z
Link: CVE-2025-54289
Updated: 2025-10-02T13:17:16.376Z
Status : Analyzed
Published: 2025-10-02T10:15:39.053
Modified: 2025-10-24T14:34:37.740
Link: CVE-2025-54289
No data.
OpenCVE Enrichment
Updated: 2025-10-03T08:22:51Z
Debian DSA
EUVD
Github GHSA