CVE-2025-54286
02.10.2025, 10:15
Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication.
| Vendor | Product | Version |
|---|---|---|
| canonical | lxd | 5.0.0 ≤ 𝑥 < 5.0.5 |
| canonical | lxd | 5.21.0 ≤ 𝑥 < 5.21.4 |
| canonical | lxd | 6.1 ≤ 𝑥 < 6.5 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Common Weakness Enumeration