7 matches found
GO-2025-4004 Canonical LXD Arbitrary File Read via Template Injection in Snapshot Patterns in github.com/lxc/lxd
Canonical LXD Arbitrary File Read via Template Injection in Snapshot Patterns in github.com/lxc/lxd...
GHSA-W2HG-2V4P-VMH6 Canonical LXD Arbitrary File Read via Template Injection in Snapshot Patterns
Impact: In LXD's instance snapshot creation functionality, the Pongo2 template engine is used in the snapshots.pattern configuration for generating snapshot names. While code execution functionality has not been found in this template engine, it has file reading capabilities, creating a...
Canonical LXD Arbitrary File Read via Template Injection in Snapshot Patterns
Impact: In LXD's instance snapshot creation functionality, the Pongo2 template engine is used in the snapshots.pattern configuration for generating snapshot names. While code execution functionality has not been found in this template engine, it has file reading capabilities, creating a...
CVE-2025-54287
Template Injection in instance snapshot creation component in Canonical LXD >= 4.0 allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine...
CVE-2025-54287 Arbitrary File Read via Template Injection in Snapshot Patterns
Template Injection in instance snapshot creation component in Canonical LXD >= 4.0 allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine...
CVE-2025-54287 Arbitrary File Read via Template Injection in Snapshot Patterns
Template Injection in instance snapshot creation component in Canonical LXD >= 4.0 allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine...
CVE-2025-54287
CVE-2025-54287 affects Canonical LXD (>=4.0) in the instance snapshot creation component. The vulnerability uses the Pongo2 template engine in snapshots.pattern to enable arbitrary file reads on the host when an attacker has instance configuration permissions. Impact is host file disclosure (e...