CVE-2025-54292: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Canonical LXD
Description
Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths.
AI Analysis
Technical Summary
CVE-2025-54292 is a path traversal vulnerability (CWE-22) in LXD-UI, the browser-based management interface that Canonical's LXD serves alongside its REST API, in versions before 6.5 and 5.21.4 on all platforms. LXD itself is Canonical's manager for system containers and virtual machines. The UI builds request paths from the names of resources (instances, profiles, storage volumes and so on) and did not adequately restrict those names before embedding them in a URL path. A name containing path separators or dot segments could therefore direct a request at a resource outside the intended collection, letting a remote authenticated attacker access or modify resources their account was not meant to reach. The CVSS 4.0 metrics quoted on this page are network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L) and active user interaction (UI:A): an attacker needs only a low-privileged LXD account to plant a crafted resource name, but a user of the UI has to act on that resource for the crafted path to be requested. For impact the page records VC:L, a low confidentiality impact on the vulnerable system; the CVE text also says unintended resources can be modified, so integrity should be treated as exposed even though only the confidentiality metric is listed here. No exploitation in the wild has been reported. The issue is publicly disclosed and fixed in LXD 6.5 and 5.21.4; the fix lies in the UI component's validation of resource names before it embeds them in URL paths.
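To make the mechanism concrete, the following JavaScript is an added example written for this page, not code from LXD-UI or Canonical. It shows how a raw resource name interpolated into an LXD REST API path is rewritten by standard URL dot-segment normalisation, and a hardened builder that percent-encodes the name and then verifies that the normalised path still sits under the intended collection. `/1.0/instances/` is the real LXD API collection path; the server address and the resource names are constructed for illustration.

```javascript
// Added example for this advisory, not LXD-UI's or Canonical's code.
// "/1.0/instances/" is the real LXD REST API collection path; the server
// address and the resource names are constructed for illustration.
const BASE = "https://lxd.example.internal:8443";

// What a vulnerable UI does: interpolate the raw name into the path.
function naiveInstancePath(name) {
  return `/1.0/instances/${name}`;
}

// What the request becomes on the wire: URL parsing collapses dot segments.
function resolvedPathname(path) {
  return new URL(path, BASE).pathname;
}

// Hardened builder: percent-encode the name (so "/", "?", "#" and "%" cannot
// act as delimiters), then confirm that the normalised path is still exactly
// one segment under the intended collection prefix.
function safeResourcePath(prefix, name) {
  const candidate = `${prefix}${encodeURIComponent(name)}`;
  const normalised = resolvedPathname(candidate);
  const remainder = normalised.startsWith(prefix) ? normalised.slice(prefix.length) : null;
  // remainder is null when a bare ".." walked out of the collection, "" when
  // the name was empty or a lone ".", and contains "/" only if the prefix
  // itself was malformed; all three are rejected.
  if (remainder === null || remainder === "" || remainder.includes("/")) {
    throw new Error(`resource name escapes ${prefix}: ${JSON.stringify(name)}`);
  }
  return candidate;
}

const crafted = "../profiles/default"; // constructed attacker-chosen name

function demo() {
  return {
    naive: resolvedPathname(naiveInstancePath(crafted)),
    safe: resolvedPathname(safeResourcePath("/1.0/instances/", crafted)),
  };
}

console.log(demo());
```

The prefix check is the belt to encoding's braces: if a later change drops or weakens the encoding, a crafted name turns into a thrown error rather than a silent request to another collection.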
Potential Impact
For European organizations running LXD to manage containers or virtual machines, in cloud or on-premises environments, the flaw means that anyone holding an LXD-UI login, including a low-privileged tenant, an insider or an attacker using stolen credentials, could read or alter resources beyond what their account was intended to reach: instance configuration, profiles, images or other operational data. That undermines the confidentiality and integrity of the affected workloads and of any business service built on them. The impact is bounded by what the UI user can already reach on the LXD server, and the vector quoted on this page scores only a low confidentiality impact, so this is not a remote unauthenticated takeover; the practical risk is an authenticated user reaching resources in projects or collections their account was not granted. Unauthorized modifications can still disrupt services indirectly and trigger incident response and remediation costs, and the wide use of Linux containers in European data centres and clouds gives the flaw a broad footprint.
Mitigation Recommendations
Upgrade affected LXD installations to 6.5 (feature series) or 5.21.4 (LTS series). LXD-UI ships inside the LXD snap, so refreshing the snap updates the UI (for example `sudo snap refresh lxd --channel=5.21/stable` or `--channel=latest/stable`), and `lxd --version` confirms the result. Until the upgrade is done, reduce the population of users who can plant a crafted name: apply least privilege to LXD accounts, use projects and LXD's authorization settings to limit who can create or rename resources, and restrict network access to the LXD HTTPS listener (`core.https_address`), which serves both the API and the UI, to trusted administrators. Validating resource names inside the UI is the vendor's fix, not something an operator can bolt on; the realistic operator-side controls are to watch LXD's request logs (LXD records each API request with its URL when debug logging is enabled) for paths containing `..`, encoded slashes (`%2F`) or other unexpected separators, and to audit existing resource names for the same characters, since a name created before the patch remains a lure for anyone who opens it in an unpatched UI. A WAF can only inspect this traffic if TLS is terminated in front of LXD, which is unusual for the management port, so treat WAF rules as secondary. Finally, keep an inventory of LXD versions across hosts so that future UI fixes land promptly.
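The following JavaScript is an added example (not LXD's or Canonical's code) that scripts two of the checks above: deciding from an LXD version string whether one of the fixed releases named on this page is installed, and scanning a resource listing for names carrying traversal characters. The listing shape (`name` and `project` per entry) and the sample entries are constructed; in practice the input would be the JSON returned by `lxc query`, for example `lxc query "/1.0/instances?recursion=1"`, repeated for profiles, networks and storage volumes.

```javascript
// Added example for this advisory, not Canonical's or LXD's code.
// Fixed releases named on the page: 6.5 (feature series) and 5.21.4 (LTS series).
const FIXED_BY_SERIES = { "5.21": [5, 21, 4], "6": [6, 5] };

// Parse "5.21.3", "6.5" or a version with a trailing build suffix into numbers.
function parseVersion(versionString) {
  const m = versionString.trim().match(/^\d+(?:\.\d+)*/);
  if (!m) throw new Error(`unparseable LXD version: ${versionString}`);
  return m[0].split(".").map(Number);
}

// true  -> at or above the fixed release for that series
// false -> below it (vulnerable)
// null  -> a series this advisory does not name; consult the vendor notes
function isPatched(versionString) {
  const parts = parseVersion(versionString);
  const series = parts[0] >= 6 ? "6" : `${parts[0]}.${parts[1] ?? 0}`;
  const fixed = FIXED_BY_SERIES[series];
  if (!fixed) return null;
  for (let i = 0; i < fixed.length; i++) {
    const have = parts[i] ?? 0;
    if (have !== fixed[i]) return have > fixed[i];
  }
  return true;
}

// A resource name should be a single path segment; anything that could end
// the segment, add one, or smuggle an encoded separator is worth a look.
const TRAVERSAL_CHARS = /^\.\.?$|[\/\\%?#]/;

// listing: array of { name, project } objects (assumed shape; sample below is constructed).
function suspiciousNames(listing) {
  return listing
    .filter((r) => TRAVERSAL_CHARS.test(r.name))
    .map((r) => `${r.project}/${r.name}`);
}

const SAMPLE_LISTING = [ // constructed, not real LXD output
  { name: "web01", project: "default" },
  { name: "../profiles/default", project: "default" },
  { name: "db%2F..%2Fcertificates", project: "tenant-a" },
  { name: "build-2025", project: "ci" },
];

console.log(isPatched("5.21.3"), isPatched("6.5"), isPatched("5.0.4"));
console.log(suspiciousNames(SAMPLE_LISTING));
```

`isPatched` deliberately returns `null` rather than a guess for series the advisory does not mention (5.0.x, 4.0.x), so a fleet report distinguishes "confirmed fixed", "confirmed vulnerable" and "check the vendor notes".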
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: canonical
- Date Reserved: 2025-07-18T07:59:07.917Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68de46967ead30c0938fe4d3
Added to database: 10/2/2025, 9:32:06 AM
Last enriched: 10/9/2025, 10:35:46 AM
Last updated: 11/13/2025, 10:46:54 AM