Skip to main content

Ubuntu CVE-2025-54287

| EUVDEUVD-2025-32636 MEDIUM
Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336)
2025-10-02 security@ubuntu.com GHSA-w2hg-2v4p-vmh6
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Ubuntu
MEDIUM
qualitative
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

5
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 13, 2026 - 19:12 euvd
EUVD-2025-32636
Analysis Generated
Mar 13, 2026 - 19:12 vuln.today
PoC Detected
Oct 22, 2025 - 15:39 vuln.today
Public exploit code
CVE Published
Oct 02, 2025 - 10:15 nvd
MEDIUM 6.5

DescriptionCVE.org

Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.

AnalysisAI

A arbitrary file access vulnerability (CVSS 6.5) that allows an attacker with instance configuration permissions. Risk factors: public PoC available.

Technical ContextAI

Vulnerability type: arbitrary file access.

RemediationAI

Monitor vendor channels for patch availability.

More in Lxd

View all
CVE-2025-54286 HIGH POC
8.8 Oct 02

Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and s

CVE-2025-54289 HIGH POC
8.1 Oct 02

Privilege Escalation in operations API in Canonical LXD <6.5 on multiple platforms allows attacker with read permissions

CVE-2025-54288 MEDIUM POC
6.8 Oct 02

Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attack

CVE-2025-54293 MEDIUM POC
6.5 Oct 02

Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attacker

CVE-2026-12411 CRITICAL
9.6 Jun 26

Cross-guest storage-volume hijacking in Canonical LXD 6.6 through 6.8 lets an untrusted guest instance mount, read, and

CVE-2025-54290 MEDIUM POC
5.3 Oct 02

Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to d

CVE-2025-54291 MEDIUM POC
5.3 Oct 02

Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remo

CVE-2025-54292 MEDIUM POC
4.6 Oct 02

Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attac

CVE-2026-3351 MEDIUM POC
4.3 Mar 03

Canonical LXD 6.6 on Linux contains an authorization bypass in the GET /1.0/certificates API endpoint that allows authen

CVE-2024-6219 LOW POC
3.8 Dec 06

Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust

CVE-2024-6156 LOW POC
3.8 Dec 06

Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was prese

CVE-2026-9640 HIGH
7.2 Jun 26

Privilege escalation in Canonical LXD (versions 6.0-6.8, 5.21.0-5.21.4, and 5.0.0-5.0.6) allows an authenticated project

Vendor StatusVendor

Ubuntu

Priority: Medium
lxd
Release Status Version
jammy DNE -
noble DNE -
plucky DNE -
upstream needs-triage -
bionic not-affected code not present
focal not-affected installs LXD snap
xenial not-affected code not present
questing DNE -

Debian

incus
Release Status Fixed Version Urgency
trixie fixed 6.0.4-2+deb13u1 -
trixie (security) fixed 6.0.4-2+deb13u4 -
forky, sid fixed 6.0.5-8 -
(unstable) fixed 6.0.5-1 -
lxd
Release Status Fixed Version Urgency
bookworm fixed 5.0.2-5+deb12u1 -
bookworm (security) fixed 5.0.2-5+deb12u3 -
trixie fixed 5.0.2+git20231211.1364ae4-9+deb13u1 -
trixie (security) fixed 5.0.2+git20231211.1364ae4-9+deb13u3 -
(unstable) fixed (unfixed) -

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed

Share

CVE-2025-54287 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy