CNNVD-202510-366 Information

CNNVD ID

CNNVD-202510-366

CVE-2025-54286

  • CNNVD Published: 2025-10-02

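Description (translated from Chinese)

LXD is an open-source, Linux-based container system from Canonical for managing applications. LXD 5.0 and earlier versions contain a security vulnerability that stems from a cross-site request forgery in client certificate authentication, which may lead to container instances being created and started without the user's consent.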

Description (English)

LXD is Canonical's open-source, Linux-based container system used to manage applications. LXD 5.0 and previous versions have a security vulnerability caused by cross-site request forgery (CSRF) in client certificate authentication, which may allow container instances to be created and started without the user's consent.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Canonical (科能软件)

Published

2025-10-02

Last Modified

2026-02-24

References

https://github.com/canonical/lxd/security/advisories/GHSA-p8hw-rfjg-689h

https://vigilance.fr/vulnerability/Canonical-LXD-Incus-multiple-vulnerabilities-dated-17-10-2025-48518

Patch

https://github.com/canonical/lxd
