๐Ÿ” CVE Alert

CVE-2025-54286

UNKNOWN 0.0

CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication.

CWE CWE-352
Vendor canonical
Product lxd
Ecosystems
Industries
Technology
Published Oct 2, 2025
Last Updated Feb 26, 2026
Stay Ahead of the Next One

Get instant alerts for canonical lxd

Be the first to know when new unknown vulnerabilities affecting canonical lxd are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Canonical / LXD
5.0 < 5.0.5 5.21 < 5.21.4 6.0 < 6.5

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/canonical/lxd/security/advisories/GHSA-p8hw-rfjg-689h

Credits

GMO Flatt Security Inc.