CNNVD-202510-363 Information

CNNVD ID

CNNVD-202510-363

Related CVE

CVE-2025-54289

• CNNVD Published: 2025-10-02

Description (Chinese)

LXD是Canonical开源的一款基于Linux系统用于管理应用程序的容器。 LXD 6.5之前版本存在安全漏洞，该漏洞源于操作API权限提升，可能导致劫持终端或控制台会话并通过WebSocket连接劫持执行任意命令。

Description (English)

LXD is an open-source section of Canonical based on the Linux system used to manage applications. There was a security loophole in the previous version of LXD 6.5, which stemmed from the increased authority to operate the API, which could lead to hijacking terminals or console sessions and to the execution of arbitrary orders through the WebSocket connection.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

科能软件

Published

2025-10-02

Last Modified

2026-02-24

References

https://github.com/canonical/lxd/security/advisories/GHSA-3g72-chj4-2228 https://vigilance.fr/vulnerability/Canonical-LXD-Incus-multiple-vulnerabilities-dated-17-10-2025-48518

Patch

https://github.com/canonical/lxd/releases