Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/54xxx/CVE-2025-54286.json",
"cna_assigner": "canonical",
"cwe_ids": [
"CWE-352"
]
}{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"introduced": "5.0"
},
{
"fixed": "5.0.5"
},
{
"introduced": "5.21"
},
{
"fixed": "5.21.4"
},
{
"introduced": "6.0"
},
{
"fixed": "6.5"
}
]
}