CVE-2025-54287

High CVSS: 7.1

Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration
permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.

Vendor

Canonical

Product

Lxd

CWE

CWE-1336

Yayın Tarihi

2025-10-02 10:15:38

Güncelleme

2025-10-22 15:39:01

Source Identifier

security@ubuntu.com

KEV Date Added

Kategoriler

CWE-1336 Lxd HIGH Canonical 2025

Referanslar

https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6 https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6

Benzer Kayıtlar

Critical

CVE-2026-4370

A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the inter…

Medium

CVE-2026-32694

In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret o…

Medium

CVE-2026-32691

A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit…

High

CVE-2026-32692

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18…

High

CVE-2026-32693

In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which…

Low

CVE-2026-3351

Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated,…