CVE-2025-2180

Description

An unsafe deserialization vulnerability in Palo Alto Networks Checkov by Prisma® Cloud allows an authenticated user to execute arbitrary code as a non administrative user by scanning a malicious terraform file when using Checkov in Prisma® Cloud. This issue impacts Checkov 3.0 versions earlier than Checkov 3.2.415.

PUBLISHED Reserved 2025-03-10 | Published 2025-08-13 | Updated 2025-08-13 | Assigner palo_alto

Problem types

CWE-502 Deserialization of Untrusted Data

Product status

Timeline

Credits

Palo Alto Networks thanks Bryan Eastes for discovering and reporting this issue. finder

References

security.paloaltonetworks.com/CVE-2025-2180 vendor-advisory

cve.org (CVE-2025-2180)

nvd.nist.gov (CVE-2025-2180)

Download JSON