Vulnerability-Lookup

CVE-2025-54287 (GCVE-0-2025-54287)

Vulnerability from cvelistv5 – Published: 2025-10-02 09:16 – Updated: 2025-10-02 13:27

Title

Arbitrary File Read via Template Injection in Snapshot Patterns

Summary

Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.

Severity ?

7.1 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CWE

CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine

Assigner

canonical

References

URL

Tags

https://github.com/canonical/lxd/security/advisor…

Impacted products

	Vendor	Product	Version
	Canonical	LXD	Affected: 6.0 , < 6.5 (semver) Affected: 5.21 , < 5.21.4 (semver)

Credits

GMO Flatt Security Inc.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54287",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T13:27:39.753650Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T13:27:42.957Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "LXD",
          "repo": "https://github.com/canonical/lxd",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "6.5",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.21.4",
              "status": "affected",
              "version": "5.21",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "GMO Flatt Security Inc."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Template Injection in instance snapshot creation component in Canonical LXD (\u0026gt;= 4.0) allows an attacker with instance configuration \npermissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine."
            }
          ],
          "value": "Template Injection in instance snapshot creation component in Canonical LXD (\u003e= 4.0) allows an attacker with instance configuration \npermissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-165",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-165 File Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1336",
              "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T10:43:48.716Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "url": "https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Arbitrary File Read via Template Injection in Snapshot Patterns"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2025-54287",
    "datePublished": "2025-10-02T09:16:02.241Z",
    "dateReserved": "2025-07-18T07:59:07.917Z",
    "dateUpdated": "2025-10-02T13:27:42.957Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-54287\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-02T13:27:39.753650Z\"}}}], \"references\": [{\"url\": \"https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-02T13:27:31.810Z\"}}], \"cna\": {\"title\": \"Arbitrary File Read via Template Injection in Snapshot Patterns\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"GMO Flatt Security Inc.\"}], \"impacts\": [{\"capecId\": \"CAPEC-165\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-165 File Manipulation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 7.1, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/canonical/lxd\", \"vendor\": \"Canonical\", \"product\": \"LXD\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0\", \"lessThan\": \"6.5\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"5.21\", \"lessThan\": \"5.21.4\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Template Injection in instance snapshot creation component in Canonical LXD (\u003e= 4.0) allows an attacker with instance configuration \\npermissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Template Injection in instance snapshot creation component in Canonical LXD (\u0026gt;= 4.0) allows an attacker with instance configuration \\npermissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1336\", \"description\": \"CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine\"}]}], \"providerMetadata\": {\"orgId\": \"cc1ad9ee-3454-478d-9317-d3e869d708bc\", \"shortName\": \"canonical\", \"dateUpdated\": \"2025-10-02T10:43:48.716Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-54287\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-02T13:27:42.957Z\", \"dateReserved\": \"2025-07-18T07:59:07.917Z\", \"assignerOrgId\": \"cc1ad9ee-3454-478d-9317-d3e869d708bc\", \"datePublished\": \"2025-10-02T09:16:02.241Z\", \"assignerShortName\": \"canonical\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-W2HG-2V4P-VMH6

Vulnerability from github – Published: 2025-10-02 21:21 – Updated: 2026-01-16 22:03

Summary

Canonical LXD Arbitrary File Read via Template Injection in Snapshot Patterns

Details

Impact

In LXD's instance snapshot creation functionality, the Pongo2 template engine is used in the snapshots.pattern configuration for generating snapshot names. While code execution functionality has not been found in this template engine, it has file reading capabilities, creating a vulnerability that allows arbitrary file reading through template injection attacks.

Reproduction Steps

Log in to LXD-UI with an account that has permissions to modify instance settings
Set the following template injection payload in the instance snapshot pattern:

{% filter urlencode|slice:":100" %}{% include "/etc/passwd" %}{%endfilter %}

Note that the above template uses the Pongo2 template engine's include tag to read system files. It also uses urlencode and slice filters to bypass character count and type restrictions.

Set scheduled snapshots to run every minute and wait for snapshot generation
Wait about a minute and confirm that file contents can be obtained from the created snapshot name

Risk

The attack requires having configuration change permissions for LXD instances. The attack allows reading arbitrary files accessible with LXD process permissions. This could lead to leakage of the following information: - LXD host configuration files (/etc/passwd, /etc/shadow, etc.) - LXD database files (containing information about all projects and instances) - Configuration files and data of other instances - Sensitive information on the host system

Countermeasures

Pongo2 provides mechanisms for sandboxing templates.

Template sandboxing (directory patterns, banned tags/filters) ( https://github.com/flosch/pongo2/tree/master?tab=readme-ov-file#features )

This functionality allows banning specific tags and filters by generating a custom TemplateSet.

At minimum, the following tags are considered to pose a risk of file leakage on the LXD host when used. Therefore, banning these can provide countermeasures against file reading attacks. - include - ssi - extends - import

The deny-list approach is prone to vulnerability recurrence due to missed countermeasures or new feature additions. Therefore, as the safest approach, we recommend using an allow-list format to permit only necessary functions.

However, as far as our investigation shows, pongo2 does not have functionality to retrieve a list of registered tags or filters, nor does it provide means to implement an allow-list approach. Therefore, it is necessary to either forcibly obtain the registration list through reflection and ban anything not on the allow-list, or ban everything from the current implemented list since the library has not been updated for about two years.

In LXD's implementation, template injection attacks can be prevented by modifying the RenderTemplate function in shared/util.go to use a restricted TemplateSet as shown above.

Patches

LXD Series	Status
6	Fixed in LXD 6.5
5.21	Fixed in LXD 5.21.4
5.0	Ignored - Not critical
4.0	Ignored - EOL and not critical

References

Reported by GMO Flatt Security Inc.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7.1 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/lxc/lxd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "5.21.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/lxc/lxd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0"
            },
            {
              "fixed": "6.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/lxc/lxd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.0-20200331193331-03aab09f5b5c"
            },
            {
              "fixed": "0.0.0-20250827065555-0494f5d47e41"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-54287"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1336"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-02T21:21:33Z",
    "nvd_published_at": "2025-10-02T10:15:38Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nIn LXD\u0027s instance snapshot creation functionality, the Pongo2 template engine is used in the `snapshots.pattern` configuration for generating snapshot names. While code execution functionality has not been found in this template engine, it has file reading capabilities, creating a vulnerability that allows arbitrary file reading through template injection attacks.\n\n### Reproduction Steps\n\n1. Log in to LXD-UI with an account that has permissions to modify instance settings\n2. Set the following template injection payload in the instance snapshot pattern:\n\n```\n{% filter urlencode|slice:\":100\" %}{% include \"/etc/passwd\" %}{%endfilter %}\n```\n\nNote that the above template uses the Pongo2 template engine\u0027s include tag to read system files. It also uses urlencode and slice filters to bypass character count and type restrictions.\n\n3. Set scheduled snapshots to run every minute and wait for snapshot generation\n4. Wait about a minute and confirm that file contents can be obtained from the created snapshot name\n\n### Risk\nThe attack requires having configuration change permissions for LXD instances.\nThe attack allows reading arbitrary files accessible with LXD process permissions. This could lead to leakage of the following information:\n-\u200b LXD host configuration files (/etc/passwd, /etc/shadow, etc.)\n-\u200b LXD database files (containing information about all projects and instances)\n-\u200b Configuration files and data of other instances\n-\u200b Sensitive information on the host system\n\n### Countermeasures\nPongo2 provides mechanisms for sandboxing templates.\n\n\u003e Template sandboxing (directory patterns, banned tags/filters)\n( https://github.com/flosch/pongo2/tree/master?tab=readme-ov-file#features )\n\nThis functionality allows banning specific tags and filters by generating a custom TemplateSet.\n\nAt minimum, the following tags are considered to pose a risk of file leakage on the LXD host when used. Therefore, banning these can provide countermeasures against file reading attacks.\n-\u200b include\n-\u200b ssi\n-\u200b extends\n-\u200b import\n\nThe deny-list approach is prone to vulnerability recurrence due to missed countermeasures or new feature additions. Therefore, as the safest approach, we recommend using an allow-list format to permit only necessary functions.\n\nHowever, as far as our investigation shows, pongo2 does not have functionality to retrieve a list of registered tags or filters, nor does it provide means to implement an allow-list approach. Therefore, it is necessary to either forcibly obtain the registration list through reflection and ban anything not on the allow-list, or ban everything from the current implemented list since the library has not been updated for about two years.\n\nIn LXD\u0027s implementation, template injection attacks can be prevented by modifying the `RenderTemplate` function in `shared/util.go` to use a restricted `TemplateSet` as shown above.\n\n### Patches\n\n| LXD Series  | Status |\n| ------------- | ------------- |\n| 6 | Fixed in LXD 6.5  |\n| 5.21 | Fixed in LXD 5.21.4  |\n| 5.0 | Ignored - Not critical  |\n| 4.0  | Ignored - EOL and not critical |\n\n### References\nReported by GMO Flatt Security Inc.",
  "id": "GHSA-w2hg-2v4p-vmh6",
  "modified": "2026-01-16T22:03:02Z",
  "published": "2025-10-02T21:21:33Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54287"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/canonical/lxd"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2025-4004"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Canonical LXD Arbitrary File Read via Template Injection in Snapshot Patterns"
}

FKIE_CVE-2025-54287

Vulnerability from fkie_nvd - Published: 2025-10-02 10:15 - Updated: 2025-10-22 15:39

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	security@ubuntu.com	https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6	Exploit, Vendor Advisory
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6	Exploit, Vendor Advisory

Impacted products

Vendor	Product	Version
canonical	lxd	*
canonical	lxd	*
linux	linux_kernel	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:canonical:lxd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE33A015-C527-4726-8CBE-6EC6420B8933",
              "versionEndExcluding": "5.21.4",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:lxd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCADB2F1-F122-4A17-88DD-F3FDD4ED796B",
              "versionEndExcluding": "6.5",
              "versionStartIncluding": "6.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Template Injection in instance snapshot creation component in Canonical LXD (\u003e= 4.0) allows an attacker with instance configuration \npermissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine."
    }
  ],
  "id": "CVE-2025-54287",
  "lastModified": "2025-10-22T15:39:01.910",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security@ubuntu.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-10-02T10:15:38.707",
  "references": [
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6"
    }
  ],
  "sourceIdentifier": "security@ubuntu.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1336"
        }
      ],
      "source": "security@ubuntu.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-54287 (GCVE-0-2025-54287)

GHSA-W2HG-2V4P-VMH6

Impact

Reproduction Steps

Risk

Countermeasures

Patches

References

FKIE_CVE-2025-54287

Tags

Sightings

Nomenclature