CVE-2025-54287: Canonical LXD Arbitrary File Read via Template Injection in Snapshot Patterns
LXD's instance snapshot creation renders the snapshots.pattern configuration value with the Pongo2 template engine to generate snapshot names. Although no code execution capability has been found in this template engine, it can read files, so a user who controls snapshots.pattern can read arbitrary files through template injection.
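As an added example (not LXD's own code), a stdlib-only Go allowlist check a defender could apply to snapshots.pattern before the value ever reaches the template engine. It assumes a legitimate pattern only needs the %d index placeholder and a {{ creation_date }} expression with an optional date filter (both assumptions, not stated on this page), and it rejects every block tag outright rather than trying to track which tags can touch the filesystem.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Allowlisted expression: {{ creation_date }}, optionally with a date filter
// and a quoted layout, e.g. {{ creation_date|date:'2006-01-02_15-04-05' }}.
// Assumption: this is the only variable a snapshot name legitimately needs.
var allowedExpr = regexp.MustCompile(
	`^\{\{\s*creation_date\s*(\|\s*date:('[^'{}%]*'|"[^"{}%]*"))?\s*\}\}$`)

// Every {{ ... }} expression in the pattern, matched non-greedily.
var exprRe = regexp.MustCompile(`\{\{.*?\}\}`)

// ValidateSnapshotPattern returns an error when the pattern uses any template
// feature beyond the allowlisted expression and the %d index placeholder.
func ValidateSnapshotPattern(pattern string) error {
	// Block tags ({% ... %}) and comments ({# ... #}) are never needed to name
	// a snapshot, so refuse them wholesale instead of enumerating risky tags.
	if strings.Contains(pattern, "{%") || strings.Contains(pattern, "{#") {
		return fmt.Errorf("snapshots.pattern: template block tags are not allowed")
	}
	for _, expr := range exprRe.FindAllString(pattern, -1) {
		if !allowedExpr.MatchString(expr) {
			return fmt.Errorf("snapshots.pattern: expression %q is not allowed", expr)
		}
	}
	// Whatever remains outside the expressions must not carry stray braces,
	// which could otherwise be reassembled into a template construct.
	rest := exprRe.ReplaceAllString(pattern, "")
	if strings.ContainsAny(rest, "{}") {
		return fmt.Errorf("snapshots.pattern: unbalanced template delimiters")
	}
	return nil
}

func main() {
	// Constructed sample values: two benign patterns, then three rejected ones.
	for _, p := range []string{
		"snap%d",
		"snap-{{ creation_date|date:'2006-01-02_15-04-05' }}",
		"snap-{% if 1 %}x{% endif %}",
		"{{ request }}",
		"{{ creation_date }}}",
	} {
		fmt.Printf("%-55q -> %v\n", p, ValidateSnapshotPattern(p))
	}
}
```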