CVE-2025-54291

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-54291
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54291.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-54291
Aliases
Downstream
Related
Published
2025-10-02T10:15:39.387Z
Modified
2026-03-23T05:12:33.996079233Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses.

References

Affected packages

Git / github.com/canonical/lxd

Affected ranges

Type
GIT
Repo
https://github.com/canonical/lxd
Events
Introduced
03aab09f5b5cbdada00c6539877dcf5932fcde98
Fixed
0494f5d47e41af69a8374568c0cb8b3eefd72a6a
Introduced
5a492a3f0036c44d22c344505952e06ce517993a
Fixed
fec3cc832ca782d398c82d38f8532ef9d5be2e00

Affected versions

lxd-4.*
lxd-4.0.0
lxd-4.1
lxd-4.10
lxd-4.11
lxd-4.12
lxd-4.13
lxd-4.14
lxd-4.15
lxd-4.16
lxd-4.17
lxd-4.18
lxd-4.19
lxd-4.2
lxd-4.20
lxd-4.21
lxd-4.22
lxd-4.23
lxd-4.24
lxd-4.3
lxd-4.4
lxd-4.5
lxd-4.6
lxd-4.7
lxd-4.8
lxd-4.9
lxd-5.*
lxd-5.0.0
lxd-5.1
lxd-5.10
lxd-5.11
lxd-5.12
lxd-5.13
lxd-5.14
lxd-5.15
lxd-5.16
lxd-5.17
lxd-5.18
lxd-5.19
lxd-5.2
lxd-5.20
lxd-5.21.0
lxd-5.21.1
lxd-5.21.2
lxd-5.21.3
lxd-5.3
lxd-5.4
lxd-5.5
lxd-5.6
lxd-5.7
lxd-5.8
lxd-5.9
lxd-6.*
lxd-6.1
lxd-6.2
lxd-6.3
lxd-6.4
v5.*
v5.21.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54291.json"