VDB

DEBIAN-CVE-2025-54287

DEBIAN-CVE-2025-54287 PUBLISHED CVSS 6.5 MEDIUM

Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
Debian:13lxd0, 5.0.2+git20231211.1364ae4, 0
Debian:14incus6.0.4-2, 6.0.4-3, 0
Debian:12lxd0, 5.0.2-5, 0
Debian:13incus6.0.4-2+deb13u1~bpo12+1, 6.0.4-2, 0

Timeline

  • Oct 2, 2025 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›