CVE-2026-25499 is a vulnerability identified in the terraform-provider-proxmox, a Terraform provider that facilitates infrastructure automation for the Proxmox Virtual Environment. The root cause is an insecure sudoer configuration line recommended in the SSH setup documentation prior to version 0.93.1. This insecure configuration allows an attacker to perform directory traversal attacks using '../' sequences, effectively escaping the intended directory context. As a result, an attacker can edit arbitrary files on the host system, compromising system integrity. The vulnerability is classified under CWE-1188 (Insecure Default Initialization of Resource) and CWE-22 (Path Traversal). The CVSS 4.0 vector indicates no privileges or user interaction are required, and the attack can be performed remotely over the network, making it highly exploitable. The vulnerability was reserved on February 2, 2026, and published on February 4, 2026. Although no known exploits are currently reported in the wild, the potential for widespread impact is significant due to the nature of Terraform and Proxmox usage in automating virtualized infrastructure. The issue has been addressed in version 0.93.1 of the provider, which corrects the insecure sudoer line and prevents directory traversal. Organizations using versions prior to 0.93.1 are advised to upgrade promptly to mitigate this risk.

For European organizations, this vulnerability poses a serious risk to the integrity of virtualized infrastructure managed via Terraform and Proxmox. Exploitation could allow attackers to modify critical system files, potentially leading to unauthorized configuration changes, deployment of malicious code, or disruption of services. Given the widespread use of Proxmox in European data centers and enterprises for virtualization and container management, the impact could extend to cloud service providers, financial institutions, healthcare providers, and government agencies. The ability to exploit this vulnerability remotely without authentication increases the threat level, potentially enabling attackers to compromise multiple systems in automated environments. This could lead to data breaches, service outages, and loss of trust. The lack of known exploits in the wild suggests a window for proactive mitigation, but the high CVSS score and ease of exploitation necessitate urgent action.

European organizations should immediately upgrade terraform-provider-proxmox to version 0.93.1 or later to apply the patch that fixes the insecure sudoer configuration. Review and audit all SSH sudoer configurations related to Proxmox automation to ensure they do not permit directory traversal or other insecure behaviors. Implement strict access controls on systems running Terraform and Proxmox, limiting who can modify infrastructure as code and execute automation scripts. Employ file integrity monitoring to detect unauthorized changes to critical system files. Use network segmentation to isolate management interfaces of Proxmox environments from general network access. Regularly review Terraform provider documentation and configurations for security best practices. Additionally, consider deploying runtime security tools that can detect anomalous file access patterns indicative of exploitation attempts. Finally, maintain an incident response plan tailored to infrastructure automation compromise scenarios.