Template Injection in Canonical LXD 4.0+ Snapshot via Pongo2
CVE-2025-54287 Published on October 2, 2025

Arbitrary File Read via Template Injection in Snapshot Patterns
A template-injection flaw in the instance snapshot creation component of Canonical LXD (>= 4.0) allows an attacker who can set instance configuration to read arbitrary files on the host. The snapshot name pattern is rendered with the Pongo2 template engine, so a specially crafted pattern is evaluated as a template rather than treated as plain text, and template constructs that reach the filesystem run with the privileges of the LXD daemon.
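As an added illustration, not code from LXD or from the CVE report, the following Go snippet shows one way to keep a Pongo2-rendered snapshot pattern away from the filesystem: allow-list the pattern before it is ever handed to the engine. Pongo2's `include`, `extends`, `import` and `ssi` block tags resolve their argument through the template set's loader, so rejecting every `{% ... %}` tag and permitting only `{{ creation_date }}` (optionally through the `date` filter) plus the `%d` counter removes the file-reading surface while keeping the documented pattern syntax working. The function name `ValidateSnapshotPattern`, the accepted grammar, and the sample inputs are assumptions chosen for this example; LXD's actual fix may differ.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Pongo2 block tags ({% include %}, {% extends %}, {% import %}, {% ssi %}, ...)
// are the constructs that reach into the template loader and hence the host
// filesystem. A snapshot name pattern never needs them: the documented form
// only uses the creation_date variable, optionally through the date filter,
// plus the %d counter. The allow-list below is an illustrative hardening
// written for this page, not LXD's own code.

// varExprRE captures the body of each {{ ... }} expression.
var varExprRE = regexp.MustCompile(`\{\{(.*?)\}\}`)

// allowedExprRE accepts exactly: creation_date, or creation_date piped
// through the date filter with a quoted Go time layout.
var allowedExprRE = regexp.MustCompile(`^creation_date(\s*\|\s*date:("[^"]*"|'[^']*'))?$`)

// ValidateSnapshotPattern returns nil if pattern contains only plain text,
// %d, and allow-listed {{ creation_date ... }} expressions.
func ValidateSnapshotPattern(pattern string) error {
	// Reject block tags and comments outright; no snapshot name needs them.
	for _, marker := range []string{"{%", "%}", "{#", "#}"} {
		if strings.Contains(pattern, marker) {
			return fmt.Errorf("snapshot pattern contains forbidden template syntax %q", marker)
		}
	}

	// Every variable expression must match the allow-list.
	for _, m := range varExprRE.FindAllStringSubmatch(pattern, -1) {
		body := strings.TrimSpace(m[1])
		if !allowedExprRE.MatchString(body) {
			return fmt.Errorf("snapshot pattern contains disallowed expression {{ %s }}", body)
		}
	}

	// Whatever remains after removing well-formed expressions must carry no
	// stray braces, so truncated or nested expressions are caught as well.
	rest := varExprRE.ReplaceAllString(pattern, "")
	if strings.Contains(rest, "{{") || strings.Contains(rest, "}}") {
		return fmt.Errorf("snapshot pattern has unbalanced template delimiters")
	}
	return nil
}

func main() {
	// Constructed inputs: the first three are legitimate patterns, the rest
	// are the kind of payload an attacker with config rights might try.
	samples := []string{
		"snap%d",
		`{{ creation_date|date:"2006-01-02_15-04-05" }}`,
		`backup-{{ creation_date|date:'2006-01-02' }}-%d`,
		`{% include "/etc/passwd" %}`,
		`{% ssi "/etc/shadow" %}`,
		`{{ creation_date|safe }}`,
		`{{ creation_date`,
	}
	for _, s := range samples {
		if err := ValidateSnapshotPattern(s); err != nil {
			fmt.Printf("REJECT %-50s %v\n", s, err)
		} else {
			fmt.Printf("ACCEPT %s\n", s)
		}
	}
}
```

The validator is deliberately stricter than the template engine: it refuses anything it does not recognise rather than trying to enumerate dangerous tags, so a new loader-backed tag in a future Pongo2 release would not reopen the hole. Run it before the pattern is stored in instance configuration, not only at render time, so a rejected value never persists.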

References: GitHub repository, NVD

Weakness Type

CWE-1336 (Improper Neutralization of Special Elements Used in a Template Engine)

Products Associated with CVE-2025-54287


Affected Versions

Canonical LXD:

Exploit Probability

EPSS: 0.06%
Percentile: 19.09%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.