CNNVD-202511-895 Information

CNNVD ID

CNNVD-202511-895

Related CVE

CVE-2025-64507

• CNNVD Published: 2025-11-10

Description (Chinese)

Incus是LXC开源的一个系统容器和虚拟机管理器。 Incus 6.0.6之前版本和6.19.0之前版本存在安全漏洞，该漏洞源于未正确限制自定义存储卷的权限，可能导致权限提升。

Description (English)

Incus is a system container and virtual machine manager at the LXC open source. There is a security loophole in the pre-Incus version 6.6 and the pre-version version 6.19.0, which stems from an incorrect restriction of the permission to customize the repository, which may lead to an increase in privileges.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

LXC

Published

2025-11-10

Last Modified

2026-02-24

References

https://github.com/lxc/incus/security/advisories/GHSA-56mx-8g9f-5crf https://github.com/lxc/incus/pull/2642 https://github.com/lxc/incus/issues/2641 https://vigilance.fr/vulnerability/Incus-privilege-escalation-via-incus-user-48695

Patch

https://github.com/lxc/incus/releases