CVE-2025-54287

Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.

CVSS

No CVSS.

References

Link	Resource
https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6
https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6

Configurations

No configuration.

History

02 Oct 2025, 14:15

Type	Values Removed	Values Added
References	~~() https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6 -~~	() https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6 -

02 Oct 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-10-02 10:15

Updated : 2025-10-02 19:11

NVD link : CVE-2025-54287

Mitre link : CVE-2025-54287

CVE.ORG link : CVE-2025-54287

JSON object : View

Products Affected

No product.

CWE

CWE-1336

Improper Neutralization of Special Elements Used in a Template Engine

{"id": "CVE-2025-54287", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@ubuntu.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-10-02T10:15:38.707", "references": [{"url": "https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6", "source": "security@ubuntu.com"}, {"url": "https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@ubuntu.com", "description": [{"lang": "en", "value": "CWE-1336"}]}], "descriptions": [{"lang": "en", "value": "Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration \npermissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine."}], "lastModified": "2025-10-02T19:11:46.753", "sourceIdentifier": "security@ubuntu.com"}