VDB
DEBIAN-CVE-2025-54287
DEBIAN-CVE-2025-54287
PUBLISHED
CVSS 6.5 MEDIUM
Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | lxd | 0, 5.0.2+git20231211.1364ae4, 0 |
| Debian:14 | incus | 6.0.4-2, 6.0.4-3, 0 |
| Debian:12 | lxd | 0, 5.0.2-5, 0 |
| Debian:13 | incus | 6.0.4-2+deb13u1~bpo12+1, 6.0.4-2, 0 |
Timeline
- Oct 2, 2025 CVE Published
- Apr 28, 2026 CVE Updated