5 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-54291
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project...
Information Exposure
Overview: github.com/canonical/lxd is a modern, secure and powerful system container and virtual machine manager. Affected versions of this package are vulnerable to Information Exposure via differing HTTP status code responses in the images endpoint's AllowUntrusted API. An attacker can...
CVE-2025-54291
The CVE affects Canonical LXD, specifically the images API (LXD 1.0/images) where unauthenticated requests can reveal project existence by returning 404 for existing projects and 403 for non-existent ones. Root cause: error handling in the imagesGet path exposes project existence via HTTP status ...
CVE-2025-54290
CVE-2025-54290 affects Canonical LXD before 6.5 and 5.21.4 on Linux. The vulnerability lies in the image export API, where error handling and LIKE wildcard matching can reveal project existence without authentication. An attacker can remotely determine whether a project exists by sending crafted ...
CVE-2025-54290
Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints...