CVE-2025-2180

Summary

An unsafe deserialization vulnerability in Palo Alto Networks Checkov by Prisma® Cloud allows an authenticated user to execute arbitrary code as a non administrative user by scanning a malicious terraform file when using Checkov in Prisma® Cloud.

This issue impacts Checkov 3.0 versions earlier than Checkov 3.2.415.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksCheckov by Prisma Cloud3.2.0 < 3.2.415affected

Weaknesses

  • CWE-502: CWE-502 Deserialization of Untrusted Data

Workarounds

Do not run Checkov on terraform files from untrusted sources or pull requests.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References