High severityNVD Advisory· Published Oct 2, 2025· Updated Oct 2, 2025

Path Traversal in LXD Instance Log File Retrieval

CVE-2025-54293

Description

Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
github.com/canonical/lxdGo	>= 4.0, < 5.21.4	5.21.4
github.com/canonical/lxdGo	>= 6.0, < 6.5	6.5
github.com/canonical/lxdGo	>= 0.0.0-20200331193331-03aab09f5b5c, < 0.0.0-20250224180022-ec09b24179f3	0.0.0-20250224180022-ec09b24179f3

Affected products

Canonical (company)/Lxdv5
Range: 6.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-472f-vmf2-pr3hghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-54293ghsaADVISORY
github.com/canonical/lxd/pull/15022ghsaWEB
github.com/canonical/lxd/security/advisories/GHSA-472f-vmf2-pr3hghsaWEB
pkg.go.dev/vuln/GO-2025-4000ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000