PT-2025-40327 · Canonical+2 · Lxd+2

Published 2025-10-02 · Updated 2025-11-17 · CVE-2025-54287

CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Canonical LXD versions 4.0 and later
Description: A template injection issue exists in the instance snapshot creation component. The snapshot naming pattern taken from the instance configuration is rendered with the Pongo2 template engine, so an attacker who holds instance configuration permissions, but no access to the host itself, can supply a specially crafted pattern whose template expressions read arbitrary files on the host system. The CVSS vector reflects this as a network-reachable, low-privilege attack with high confidentiality impact and no integrity or availability impact.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
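The following Go program is an added illustration of the vulnerability class described above; it is not LXD's code and does not reproduce Pongo2. The standard-library text/template engine, extended with a constructed readfile function, stands in for a template engine whose built-in primitives can read host files; the pattern string stands in for the attacker-controlled instance configuration value (LXD's per-instance snapshots.pattern key, which the page itself does not name). renderUnsafe shows what happens when that value is parsed as a template, and renderSafe shows the hardened alternative: never parse the value as a template, substitute only one known placeholder, and reject everything else.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"regexp"
	"strings"
	"text/template"
	"time"
)

const dateLayout = "2006-01-02_15-04-05"

// renderUnsafe mirrors the vulnerable design: the configuration value is
// handed to a full template engine. The "readfile" function is a constructed
// stand-in for an engine primitive that reads files from the host filesystem;
// "creation_date" is the one placeholder the feature legitimately needs.
func renderUnsafe(pattern string, now time.Time) (string, error) {
	funcs := template.FuncMap{
		"creation_date": func() string { return now.Format(dateLayout) },
		"readfile": func(path string) (string, error) {
			b, err := os.ReadFile(path)
			return string(b), err
		},
	}
	tmpl, err := template.New("snapshot").Funcs(funcs).Parse(pattern)
	if err != nil {
		return "", err
	}
	var sb strings.Builder
	if err := tmpl.Execute(&sb, nil); err != nil {
		return "", err
	}
	return sb.String(), nil
}

// placeholder is the only substitution the hardened renderer honours.
var placeholder = regexp.MustCompile(`\{\{\s*creation_date\s*\}\}`)

// allowedLiteral restricts everything outside the placeholder to characters
// that are safe in a snapshot name, which also excludes all template syntax.
var allowedLiteral = regexp.MustCompile(`^[A-Za-z0-9_.-]*$`)

// renderSafe never parses the value as a template. It strips the known
// placeholder, validates the remaining literal text against an allow-list,
// and only then performs a plain string substitution. A configuration value
// carrying any other template construct is rejected before rendering.
func renderSafe(pattern string, now time.Time) (string, error) {
	literal := placeholder.ReplaceAllString(pattern, "")
	if !allowedLiteral.MatchString(literal) {
		return "", errors.New("snapshot pattern contains template syntax or disallowed characters")
	}
	return placeholder.ReplaceAllString(pattern, now.Format(dateLayout)), nil
}

func main() {
	now := time.Date(2025, 10, 2, 12, 0, 0, 0, time.UTC)

	// Constructed stand-in for a sensitive host file.
	secret, err := os.CreateTemp("", "host-secret")
	if err != nil {
		panic(err)
	}
	defer os.Remove(secret.Name())
	secret.WriteString("root:x:0:0:root:/root:/bin/bash\n")
	secret.Close()

	benign := "snap-{{ creation_date }}"
	hostile := fmt.Sprintf(`{{ readfile %q }}`, secret.Name())

	for _, p := range []string{benign, hostile} {
		u, uerr := renderUnsafe(p, now)
		s, serr := renderSafe(p, now)
		fmt.Printf("pattern %q\n  unsafe: %q err=%v\n  safe:   %q err=%v\n", p, u, uerr, s, serr)
	}
}
```

The hardened renderer is deliberately stricter than the feature strictly needs: anything that is not a known placeholder or a safe filename character is refused, so the question of which engine tags are dangerous never has to be answered. The same principle applies when a real engine must be kept: restrict its tag and filter set to what the feature requires rather than exposing the engine's full capability to a configuration value that a lower-privileged user can set.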

Exploit

Weakness Enumeration

Related Identifiers

CVE-2025-54287
DSA-6027-1
DSA-6028-1
GHSA-W2HG-2V4P-VMH6
GO-2025-4004
OPENSUSE-SU-2025:15710-1

Affected Products

Debian
Lxd
Red Os