Security Advisory

CVE-2025-54287

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-02 09:16:02

Last updated 2025-10-02 13:27:42

Assigner canonical

State PUBLISHED

Description

Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.

← Browse all CVEs View on cve.org ↗