How severe is CVE-2025-54287?

CVE-2025-54287 has a CVSS v3 score of 6.5 (MEDIUM).

CVE-2025-54287

Name: linux_kernel
Author: linux

6.5MEDIUM

Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via speciall

发布于: 10/2/2025更新于: 10/22/2025

描述

Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.

AI分析AI驱动

受影响产品

canonicallxd

linuxlinux_kernel

参考资料

https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6
ExploitVendor Advisory
https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6
ExploitVendor Advisory