📦

terraform_provider

Vendor: hashicorp

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 3 Total Indexed

Avg. EPSS 0.22% Exploit Prob.

Latest CVE CVE-2026-25499 Feb 04

Security Vulnerability Index

Page 1 / 1

8.7 CVSS

CVE-2026-25499

Terraform / OpenTofu Provider adds support for Proxmox Virtual Environment. Prior to version 0.93.1, in the SSH configuration documentation, the sudoer line suggested is insecure and can result in escaping the folder using ../, allowing any files on the system to be edited. This issue has been patched in version 0.93.1.

EPSS: 0.03%

Severity: HIGH

Feb 04, 2026

7.4 CVSS

CVE-2025-13357

Vault’s Terraform Provider incorrectly set the default deny_null_bind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. This vulnerability, CVE-2025-13357, is fixed in Vault Terraform Provider v5.5.0.

EPSS: 0.02%

Severity: HIGH

Nov 21, 2025

9.8 CVSS

CVE-2021-30476

HashiCorp Terraform’s Vault Provider (terraform-provider-vault) did not correctly configure GCE-type bound labels for Vault’s GCP auth method. Fixed in 2.19.1.

EPSS: 0.61%

Severity: CRITICAL

Apr 22, 2021

Displaying 3 of 3 Total Entries

Total 1 Sections