CVE-2025-54287
6.5MEDIUMTemplate Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via speciall
Publicado: 10/2/2025Atualizado: 10/22/2025
Descrição
Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.
Análise IADesenvolvido por IA
Produtos Afetados
canonicallxd
canonicallxd
linuxlinux_kernel
-
Referências
- https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6ExploitVendor Advisory
- https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6ExploitVendor Advisory