View at Official debian advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2025-54293 not yet assigned priority: Debian including 2 source packages (incus, lxd), 5 status rows across 4 suites (bookworm, forky, sid, trixie): resolved 5.
Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links.