CVE-2025-54287
6.5 MEDIUM
Published: 10/2/2025
Updated: 10/22/2025
Description
Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.
Affected products
- canonical lxd
- linux linux_kernel
References
- https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6 (Exploit, Vendor Advisory)