VDB
CVE-2026-25499
CVE-2026-25499
PUBLISHED
CVSS 8.699999809265137 HIGH
Terraform / OpenTofu Provider adds support for Proxmox Virtual Environment. Prior to version 0.93.1, in the SSH configuration documentation, the sudoer line suggested is insecure and can result in escaping the folder using ../, allowing any files on the system to be edited. This issue has been patched in version 0.93.1.
EPSS 0.03% · 9.2th percentile
Risk Scores
CVSS v4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS Score
0.03%
9.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | bpg/terraform-provider-proxmox | 0, 0 |
| bpg | terraform-provider-proxmox | < 0.93.1, < 0.93.1 |
| bpg | terraform_provider | 0, 0 |
Timeline
- Feb 2, 2026 CVE Published
- Feb 4, 2026 CVE Updated
- Feb 5, 2026 EPSS Score
- Feb 5, 2026 Security Advisory
- Feb 7, 2026 EPSS Score
- Feb 9, 2026 EPSS Score
- Feb 12, 2026 EPSS Score
- Feb 14, 2026 EPSS Score
- Feb 16, 2026 EPSS Score
- Feb 18, 2026 EPSS Score
- Feb 20, 2026 EPSS Score
- Feb 22, 2026 EPSS Score
References
- https://github.com/bpg/terraform-provider-proxmox/security/advisories/GHSA-gwch-7m8v-7544 url
- https://github.com/bpg/terraform-provider-proxmox/commit/bd604c41a31e2a55dd6acc01b0608be3ea49c023 url
- https://nvd.nist.gov/vuln/detail/CVE-2026-25499 advisory
- https://github.com/bpg/terraform-provider-proxmox package