terraform-provider-proxmox has insecure sudo recommendation in the documentation_CVE-2026-25499

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Description

Terraform / OpenTofu Provider adds support for Proxmox Virtual Environment. Prior to version 0.93.1, in the SSH configuration documentation, the sudoer line suggested is insecure and can result in escaping the folder using ../, allowing any files on the system to be edited. This issue has been patched in version 0.93.1.

Basic Information

ID CVE-2026-25499

Source GitHub_M

Published Feb 4, 2026 at 20:31

Affected Product

Vendor bpg

Product terraform-provider-proxmox

Version < 0.93.1

Affected Versions bpg terraform-provider-proxmox < 0.93.1

CWE Classification

CWE-1188 CWE-22

References

{
    "lastseen": "",
    "description": "Terraform / OpenTofu Provider adds support for Proxmox Virtual Environment. Prior to version 0.93.1, in the SSH configuration documentation, the sudoer line suggested is insecure and can result in escaping the folder using ../, allowing any files on the system to be edited. This issue has been patched in version 0.93.1.",
    "published": "2026-02-04T20:31:17.316Z",
    "modified": "2026-02-04T20:31:17.316Z",
    "type": "cve",
    "title": "terraform-provider-proxmox has insecure sudo recommendation in the documentation",
    "source": "GitHub_M",
    "references": "https://github.com/bpg/terraform-provider-proxmox/security/advisories/GHSA-gwch-7m8v-7544\nhttps://github.com/bpg/terraform-provider-proxmox/commit/bd604c41a31e2a55dd6acc01b0608be3ea49c023",
    "id": "CVE-2026-25499",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1188",
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "bpg terraform-provider-proxmox < 0.93.1",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "terraform-provider-proxmox",
    "version": "< 0.93.1",
    "vendor": "bpg",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}