CVE-2025-54286 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user co…
High CVSS: 7.5

CVE-2025-54286

Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication.
Vendor
Canonical
Product
Lxd
CWE
CWE-352
Yayın Tarihi
2025-10-02 10:15:38
Güncelleme
2025-10-22 15:47:31
Source Identifier
security@ubuntu.com
KEV Date Added
-

Kategoriler

CWE-352 Lxd HIGH Canonical 2025

Referanslar

https://github.com/canonical/lxd/security/advisories/GHSA-p8hw-rfjg-689h https://github.com/canonical/lxd/security/advisories/GHSA-p8hw-rfjg-689h