{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-54293","assignerOrgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","state":"PUBLISHED","assignerShortName":"canonical","dateReserved":"2025-07-18T07:59:07.917Z","datePublished":"2025-10-02T10:43:58.246Z","dateUpdated":"2025-10-02T15:53:20.364Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"LXD","repo":"https://github.com/canonical/lxd","vendor":"Canonical","versions":[{"lessThan":"6.5","status":"affected","version":"6.0","versionType":"semver"},{"lessThan":"5.21.4","status":"affected","version":"5.21","versionType":"semver"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links."}],"value":"Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links."}],"impacts":[{"capecId":"CAPEC-126","descriptions":[{"lang":"en","value":"CAPEC-126 Path Traversal"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":7.1,"baseSeverity":"HIGH","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-22","description":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","lang":"en","type":"CWE"}]}],"references":[{"url":"https://github.com/canonical/lxd/security/advisories/GHSA-472f-vmf2-pr3h"}],"source":{"discovery":"EXTERNAL"},"credits":[{"lang":"en","value":"GMO Flatt Security Inc."}],"title":"Path Traversal in LXD Instance Log File Retrieval","providerMetadata":{"orgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","shortName":"canonical","dateUpdated":"2025-10-02T10:43:58.246Z"}},"adp":[{"references":[{"url":"https://github.com/canonical/lxd/security/advisories/GHSA-472f-vmf2-pr3h","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-10-02T15:29:32.525667Z","id":"CVE-2025-54293","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-02T15:53:20.364Z"}}]}}