CVE-2025-54291

Source
https://cve.org/CVERecord?id=CVE-2025-54291
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54291.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-54291
Aliases
Downstream
Related
Published
2025-10-02T09:25:42.466Z
Modified
2026-07-09T04:00:12.744880298Z
Severity
  • 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Project existence disclosure in LXD images API
Details

Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/54xxx/CVE-2025-54291.json",
    "cwe_ids": [
        "CWE-209"
    ],
    "cna_assigner": "canonical"
}
References

Affected packages

Git / github.com/canonical/lxd

Affected ranges

Type
GIT
Repo
https://github.com/canonical/lxd
Events
Database specific
{
    "cpe": "cpe:2.3:a:canonical:lxd:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "5.21.4"
        },
        {
            "introduced": "6.1"
        },
        {
            "fixed": "6.5"
        }
    ],
    "source": "CPE_RANGE"
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54291.json"