CVE-2025-54287
6.5MEDIUMTemplate Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via speciall
Publicado: 10/2/2025Actualizado: 10/22/2025
Descripción
Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.
Análisis IAImpulsado por IA
Productos Afectados
canonicallxd
canonicallxd
linuxlinux_kernel
-
Referencias
- https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6ExploitVendor Advisory
- https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6ExploitVendor Advisory