CVE-2026-25499

Опубликовано: 04 фев. 2026

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Terraform / OpenTofu Provider adds support for Proxmox Virtual Environment. Prior to version 0.93.1, in the SSH configuration documentation, the sudoer line suggested is insecure and can result in escaping the folder using ../, allowing any files on the system to be edited. This issue has been patched in version 0.93.1.

Ссылки

https://github.com/bpg/terraform-provider-proxmox/commit/bd604c41a31e2a55dd6acc01b0608be3ea49c023
Patch
https://github.com/bpg/terraform-provider-proxmox/security/advisories/GHSA-gwch-7m8v-7544
Exploit
Vendor Advisory
https://github.com/bpg/terraform-provider-proxmox/security/advisories/GHSA-gwch-7m8v-7544
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bpg:terraform_provider:*:*:*:*:*:proxmox_virtual_environment:*:*

Версия до 0.93.1 (исключая)

EPSS

Процентиль: 8%

0.00029

Низкий

7.5 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

CVE-2026-25499

CVSS3: 7.5

debian

около 2 месяцев назад

Terraform / OpenTofu Provider adds support for Proxmox Virtual Environ ...

GHSA-gwch-7m8v-7544

github