Base Score

MEDIUM6.5

CVE-2025-54287

Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.

VectorNETWORK

Published Bysecurity@ubuntu.com

Published DateOct 02, 2025, 10:15

Affected Versions(3)

github.com/lxc/lxd(Go)

Introduced4.0

Fixed5.21.4

LimitN/A

github.com/lxc/lxd(Go)

Introduced6.0

Fixed6.5

LimitN/A

github.com/lxc/lxd(Go)

Introduced0.0.0-20200331193331-03aab09f5b5c

Fixed0.0.0-20250827065555-0494f5d47e41

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
github.com/lxc/lxd(Go)	4.0	5.21.4	N/A
github.com/lxc/lxd(Go)	6.0	6.5	N/A
github.com/lxc/lxd(Go)	0.0.0-20200331193331-03aab09f5b5c	0.0.0-20250827065555-0494f5d47e41	N/A

Weakness Type (CWE):CWE-1336

CVSS Metrics

Base Score

7.1

Vector String

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Base Severity

HIGH

Version

4.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)

References

https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6

Base Score

MEDIUM6.5

Weakness Type (CWE):CWE-1336

CVSS Metrics

Base Score

7.1

Vector String

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Base Severity

HIGH

Version

4.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)