| Name | CVE-2025-54292 |
| Description | Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
NOT-FOR-US: Canonical LXD LXD-UI (not bundled in src:lxd or src:incus)
https://github.com/canonical/lxd/security/advisories/GHSA-7425-4qpj-v4w3