Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-54291

Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses.

Published

2025-10-02T10:15:39.387

Last Modified

2025-10-24T14:11:07.983

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-209

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	canonical	lxd	< 5.21.4	Yes
Application	canonical	lxd	< 6.5	Yes

References

https://github.com/canonical/lxd/security/advisories/GHSA-xch9-h8qw-85c7 Exploit, Vendor Advisory ([email protected])