How severe is CVE-2025-54287?

CVE-2025-54287 has a CVSS v3 score of 6.5 (MEDIUM).

CVE-2025-54287

Name: linux_kernel
Author: linux

6.5MEDIUM

Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via speciall

Published: 10/2/2025Updated: 10/22/2025

Description

Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.

AI AnalysisPowered by AI

Affected Products

canonicallxd

linuxlinux_kernel

References

https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6
ExploitVendor Advisory
https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6
ExploitVendor Advisory