Skip to main content

Paloalto CVE-2025-2180

MEDIUM
Deserialization of Untrusted Data (CWE-502)
2025-08-13 psirt@paloaltonetworks.com
RCE Deserialization Paloalto Hashicorp
4.8
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 19:06 vuln.today
CVE Published
Aug 13, 2025 - 17:15 nvd
MEDIUM 4.8

DescriptionNVD

An unsafe deserialization vulnerability in Palo Alto Networks Checkov by Prisma® Cloud allows an authenticated user to execute arbitrary code as a non administrative user by scanning a malicious terraform file when using Checkov in Prisma® Cloud.

This issue impacts Checkov 3.0 versions earlier than Checkov 3.2.415.

AnalysisAI

An unsafe deserialization vulnerability in Palo Alto Networks Checkov by Prisma® Cloud allows an authenticated user to execute arbitrary code as a non administrative user by scanning a malicious. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Deserialization of Untrusted Data (CWE-502), which allows attackers to execute arbitrary code through malicious serialized objects. An unsafe deserialization vulnerability in Palo Alto Networks Checkov by Prisma® Cloud allows an authenticated user to execute arbitrary code as a non administrative user by scanning a malicious terraform file when using Checkov in Prisma® Cloud. This issue impacts Checkov 3.0 versions earlier than Checkov 3.2.415.

Affected ProductsAI

See vendor advisory for affected versions.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid deserializing untrusted data. Use safe serialization formats (JSON). Implement integrity checks and type allowlists.

More from same product – last 7 days

CVE-2026-8903 MEDIUM
4.3 May 27

Cross-Site Request Forgery in the Two-factor Authentication (formerly IP Vault) WordPress plugin versions up to and incl
CVE-2026-9223
4.3 May 22

Missing authorization in the vault import feature in Devolutions Server  2026.1.16.0 and earlier allows a low-privileged
CVE-2026-9246
4.3 May 22

Improper access control in the entry documentation and attachment features in Devolutions Server allows an authenticated
CVE-2026-9248
2.6 May 22

Authorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write acce

Share

CVE-2025-2180 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy