How severe is CVE-2025-54287?

CVE-2025-54287 has a CVSS v3 score of 6.5 (MEDIUM).

CVE-2025-54287

Name: linux_kernel
Author: linux

6.5MEDIUM

Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via speciall

Опубликовано: 10/2/2025Обновлено: 10/22/2025

Описание

Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.

ИИ-АнализНа базе ИИ

Затронутые продукты

canonicallxd

linuxlinux_kernel

Ссылки

https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6
ExploitVendor Advisory
https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6
ExploitVendor Advisory