Skip to content

Client-Side Path Traversal in LXD-UI

Low
tomponline published GHSA-7425-4qpj-v4w3 Oct 2, 2025

Package

lxd-ui (lxd)

Affected versions

>= 0.2

Patched versions

0.18

Description

Impact

In LXD-UI, insufficient input validation when various parameters are directly embedded in URL paths allows path traversal attacks. This vulnerability occurs when attackers create malicious resource names containing strings like ../, and when other users perform operations on those resources, path normalization causes unintended switching to different
projects or resources.

Specific problematic areas include, for example, the following API calls where group names are directly embedded in URL paths:

https://github.com/canonical/lxd-ui/blob/6a4a05268033774772612fda1f60dc9ae3967cd6/src/api/auth-groups.tsx#L38-L43

Additionally, as shown in the reproduction steps, similar issues occur in profile navigation
URL creation:

https://github.com/canonical/lxd-ui/blob/6a4a05268033774772612fda1f60dc9ae3967cd6/src/pages/profiles/ProfileLink.tsx#L12-L23

https://github.com/canonical/lxd-ui/blob/6a4a05268033774772612fda1f60dc9ae3967cd6/src/pages/instances/InstanceOverviewProfiles.tsx#L41-L49

During the penetration test period, we verified an attack that redirects to different profile edit screens by including backslash () in profile names. The reproduction steps are shown below.

Reproduction Steps

  1. Log in with permissions to create profiles in a specific project
  2. Open browser DevTools and execute the following JavaScript to create a profile containing path traversal:Note that this code sends an API request with a profile name containing path traversal strings to verify the vulnerability. In this PoC code, since forward slash (/) was prohibited, it uses backslash () and employs camouflage using spaces (using Japanese spaces since normal whitespace is stripped and would make the attack payload noticeable) to verify difficulty of detection in the UI.
(async () => {
const projectName = prompt("Enter target project name for
profile creation:");
const victimProjectName = prompt("Enter victim project
name:");
const victimProfileName = prompt("Enter victim profile
name:");
const japaneseSpaces = ' '.repeat(30);
const maliciousProfileName =
`changeme${japaneseSpaces}\\..\\..\\..\\${victimProjectName}\\
profile\\${victimProfileName}`;
const payload = {
name: maliciousProfileName,
description: "Test profile for path traversal"
};
const response = await
fetch(`/1.0/profiles?project=${projectName}`, {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify(payload),
credentials: 'include'
});
})();
  1. When attempting to open the created profile, verify that the path is normalized and a different profile is opened

Also, confirm that the spaces make it more difficult to notice that the name is somewhat abnormal.

Risk

The attack conditions require that the attacker can set malicious resource names containing path traversal strings, and that another user (potentially with higher privileges) attempts to perform operations on that resource. However, given that many resources have name constraints, changing resource names like group names requires significant permissions, and victims must operate without noticing, the attack conditions are very difficult to meet.

Possible actions through the attack include, as shown in the reproduction steps, causing users to mistakenly modify profiles in different projects. For example, if the victim mistakenly adds the attacker's SSH key at this time, the attacker may be able to SSH into instances in different projects.

As mentioned above, in other cases verified during the penetration test period, effective attack vectors were not discovered due to resource name constraints, permission constraints, and inability to maintain normal frontend behavior.

Countermeasures

As a fundamental countermeasure, URL encoding should be performed when passing parameters as path parameters during API calls or when constructing navigation URLs. Similarly, for query parameters, values could be given = characters to specify different parameters. Therefore, we recommend using URL class searchParams instead of simple string concatenation.

Patches

LXD Series Status
6 Fixed in LXD 6.5 (LXD-UI 0.18)
5.21 Fixed in LXD 5.21.4 (LXD-UI ??)
5.0 Ignored - Not critical
4.0 Ignored - No web UI

References

Reported by GMO Flatt Security Inc.

Severity

Low

CVSS overall score

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS).
/ 10

CVSS v3 base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
Low
User interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

CVSS v3 base metrics

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.
Attack complexity: More severe for the least complex attacks.
Privileges required: More severe if no privileges are required.
User interaction: More severe when no user interaction is required.
Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.
Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.
Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.
Availability: More severe when the loss of impacted component availability is highest.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

CVE ID

CVE-2025-54292

Weaknesses

No CWEs