CVE-2025-54287
6.5MEDIUMTemplate Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via speciall
게시됨: 10/2/2025업데이트됨: 10/22/2025
설명
Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.
AI 분석AI 기반
영향받는 제품
canonicallxd
canonicallxd
linuxlinux_kernel
-
참조
- https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6ExploitVendor Advisory
- https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6ExploitVendor Advisory