CVE-2025-54289
HIGHDescription
Privilege Escalation in operations API in Canonical LXD <6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format
Is your site exposed to CVE-2025-54289?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| canonical | lxd |
| canonical | lxd |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-54289? +
How severe is CVE-2025-54289? +
What products are affected by CVE-2025-54289? +
How do I check if I'm vulnerable to CVE-2025-54289? +
Related Vulnerabilities
Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks (e.g., Cursor, Windsurf, and VSCodium) and …
Vulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send the malicious commands to the WebSocket API, resulting …
Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there …
Vitest is a testing framework powered by Vite. Affected versions are subject to arbitrary remote Code Execution when accessing a …
Missing Origin Validation in WebSockets vulnerability in FLXEON. Session management was not sufficient to prevent unauthorized HTTPS requests. This issue …
In affected versions of Eclipse Theia (1.8.1 and later), the browser backend exposes privileged terminal RPC over WebSocket (/services/shell-terminal, /services/terminals/:id) …