CVE-2026-25499
Published: 04 February 2026
Summary
CVE-2026-25499 is a high-severity Path Traversal (CWE-22) vulnerability in Bpg Terraform Provider. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It ranks at the 34.4th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-6 (Configuration Settings).
Deeper analysis
CVE-2026-25499 is a vulnerability in the bpg/terraform-provider-proxmox, a Terraform and OpenTofu provider that adds support for Proxmox Virtual Environment. In versions prior to 0.93.1, the SSH configuration documentation suggests an insecure sudoers line that allows directory traversal via "../" sequences, enabling the modification of arbitrary files on the affected system. Published on 2026-02-04, the issue is associated with CWE-22 (Path Traversal) and CWE-1188, and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N), emphasizing high integrity impact.
Exploitation requires a Proxmox host configured with the sudoers line recommended by the vulnerable documentation, and an attacker with SSH access as the user that line names. With network access and no privileges, authentication, or user interaction needed, the attacker can escape the intended directory and edit any file on the system, potentially leading to unauthorized changes, misconfigurations, or further compromise of the Proxmox environment.
The vulnerability has been addressed in version 0.93.1 of the provider. GitHub security advisories (GHSA-gwch-7m8v-7544) and the patching commit (bd604c41a31e2a55dd6acc01b0608be3ea49c023) on the bpg/terraform-provider-proxmox repository detail the fix and recommend upgrading to the patched version while reviewing and correcting any deployed insecure sudoers configurations.
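As an added illustration of the mechanism described above (this is not code from the bpg provider or its documentation), the Python script below parses a small, constructed sudoers sample and flags any rule whose absolute-path argument carries a wildcard. sudo matches wildcards in command arguments with `*` spanning `/`, so a `..` component in the argument satisfies the pattern while escaping the directory the rule meant to confine it to. The `terraform` rule in the sample is an assumption shaped like the weak pattern the advisory describes, not the actual documented line; the `deploy` rule shows the safer shape (a fixed wrapper with no wildcard) that AC-6 and CM-6 point toward.

```python
"""Audit sudoers rules for wildcard path arguments that allow '../' traversal.

Added example for this advisory; not code from the bpg provider or its docs.
sudo matches wildcards in a command's *arguments* with fnmatch-style rules in
which '*' also matches '/', so a rule such as 'tee /some/dir/*' also accepts
'tee /some/dir/../../etc/passwd'. Python's fnmatch behaves the same way for
'*', which is what wildcard_allows_traversal() relies on.
"""
import fnmatch
import os
import re

# Constructed sample sudoers text. Assumption: the 'terraform' rule is shaped
# like the weak pattern the advisory describes (a wildcard argument under a
# data directory); it is not the provider's actual documentation text. The
# 'deploy' rule shows the safer shape: a fixed wrapper that validates paths.
SAMPLE_SUDOERS = """\
Defaults env_reset
root      ALL=(ALL:ALL) ALL
terraform ALL=(root) NOPASSWD: /sbin/pvesm, /sbin/qm, /usr/bin/tee /var/lib/vz/*
deploy    ALL=(root) NOPASSWD: /usr/local/sbin/write-vz-file
"""

RULE_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>[^\s=]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<rest>.*)$"
)
TAG_RE = re.compile(r"^(?:[A-Z_]+:\s*)+")  # strips NOPASSWD:, NOEXEC:, ...


def parse_rules(text):
    """Return (user, runas, [command spec, ...]) tuples from sudoers text.

    Deliberately minimal: no aliases, includes or line continuations."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        commands = [TAG_RE.sub("", c.strip()) for c in m.group("rest").split(",")]
        rules.append((m.group("user"), m.group("runas") or "", commands))
    return rules


def wildcard_allows_traversal(pattern, requested):
    """True if `requested` matches the argument pattern but, after lexical
    normalisation, lies outside the directory the pattern meant to confine it to.
    Lexical only, like sudo's own matching; symlinks are a separate concern."""
    if not fnmatch.fnmatchcase(requested, pattern):
        return False
    fixed_prefix = re.split(r"[*?\[]", pattern, maxsplit=1)[0]
    if not fixed_prefix.startswith("/"):
        return True  # pattern has no confining directory at all
    intended_dir = os.path.normpath(os.path.dirname(fixed_prefix))
    resolved = os.path.normpath(requested)
    return os.path.commonpath([intended_dir, resolved]) != intended_dir


def find_traversal_risks(rules):
    """Flag every command spec whose absolute-path argument contains a wildcard."""
    findings = []
    for user, runas, commands in rules:
        for cmd in commands:
            for arg in cmd.split()[1:]:
                if arg.startswith("/") and any(ch in arg for ch in "*?["):
                    findings.append((user, cmd, arg))
    return findings


def audit(text):
    """Parse sudoers text and return the risky (user, command, argument) triples."""
    return find_traversal_risks(parse_rules(text))


if __name__ == "__main__":
    for user, cmd, arg in audit(SAMPLE_SUDOERS):
        print(f"{user}: '{cmd}' has a wildcard argument ({arg}) that '../' can satisfy")
```

Run it against a real host with `sudo cat /etc/sudoers /etc/sudoers.d/* | python3 audit.py` after swapping `SAMPLE_SUDOERS` for `sys.stdin.read()`; any finding should be replaced by a rule with no wildcard argument, typically a small wrapper script that validates the target path itself before writing.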
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-5351
Vulnerability details
Terraform / OpenTofu Provider adds support for Proxmox Virtual Environment. Prior to version 0.93.1, in the SSH configuration documentation, the sudoer line suggested is insecure and can result in escaping the folder using ../, allowing any files on the system to be edited. This issue has been patched in version 0.93.1.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The path traversal in the documented sudoers configuration directly allows a low-privileged SSH user to perform arbitrary file modifications, enabling local privilege escalation (T1068) by abusing the sudo elevation control mechanism (T1548.003) to write to sensitive system files.
Mitigating Controls (NIST 800-53 r5)
- AC-6 (Least Privilege): least privilege directly mitigates the insecure sudoers configuration by restricting SSH users from having permissions that allow directory traversal and arbitrary file modifications on Proxmox hosts.
- CM-6 (Configuration Settings): secure configuration settings ensure sudoers files are not configured per the vulnerable documentation, preventing path traversal vulnerabilities in Proxmox environments.
- SI-10 (Information Input Validation): input validation at file path interfaces blocks directory traversal sequences like '../' that the insecure sudoers line enables for arbitrary file edits.