CVE-2025-54287

Published
View on NVD ↗
CVSS v3
6.5
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT

Description

Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.

canonical/lxd
canonical/lxd
Powerful system container and virtual machine manager
GitHubGitHub
4.77K