Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration
permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Thu, 02 Oct 2025 09:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine. | |
Title | Arbitrary File Read via Template Injection in Snapshot Patterns | |
Weaknesses | CWE-1336 | |
References | | |
Metrics | cvssV4_0 | |

Status: PUBLISHED
Assigner: canonical
Published:
Updated: 2025-10-02T13:27:42.957Z
Reserved: 2025-07-18T07:59:07.917Z
Link: CVE-2025-54287

No data.

Status : Received
Published: 2025-10-02T10:15:38.707
Modified: 2025-10-02T10:15:38.707
Link: CVE-2025-54287
