How severe is CVE-2025-54287?

CVE-2025-54287 has a CVSS v3 score of 6.5 (MEDIUM).

CVE-2025-54287

Name: linux_kernel
Author: linux

6.5MEDIUM

Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via speciall

公開日: 10/2/2025更新日: 10/22/2025

説明

Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.

AI分析AIによる分析

影響を受ける製品

canonicallxd

linuxlinux_kernel

参照

https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6
ExploitVendor Advisory
https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6
ExploitVendor Advisory