CNNVD-202510-365 Information
Oct 02, 2025
CNNVD ID
CNNVD-202510-365
Related CVE
- CNNVD Published: 2025-10-02
Description (Chinese)
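LXD is an open-source container from Canonical, based on Linux, used for managing applications. LXD 4.0 and later versions contain a security vulnerability that stems from template injection when the instance snapshot creation component uses the Pongo2 template engine, which may allow arbitrary files on the host system to be read.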
Description (English)
LXD is an open-source container from Canonical, based on the Linux system and used to manage applications. LXD 4.0 and later versions have a security vulnerability caused by template injection in the instance snapshot creation component's use of the Pongo2 template engine, which may lead to reading arbitrary files on the host system.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Canonical
Published
2025-10-02
Last Modified
2026-02-24
References
https://github.com/canonical/lxd/security/advisories/GHSA-w2hg-2v4p-vmh6
https://vigilance.fr/vulnerability/Canonical-LXD-Incus-multiple-vulnerabilities-dated-17-10-2025-48518
Patch
https://github.com/canonical/lxd/releases