Is Ssh affected by CVE-2026-25499?

Organizations using Terraform/OpenTofu Proxmox Provider versions prior to 0.93.1 face a documented privilege escalation risk where improper SSH sudoer configuration could allow attackers to modify arbitrary system files.

CVE-2026-25499

HIGH

2026-02-04 [email protected]

GHSA-gwch-7m8v-7544

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 11, 2026 - 19:17 vuln.today

Public exploit code

Patch Released

Feb 11, 2026 - 19:17 nvd

Patch available

CVE Published

Feb 04, 2026 - 21:16 nvd

HIGH 7.5

Description

Terraform / OpenTofu Provider adds support for Proxmox Virtual Environment. Prior to version 0.93.1, in the SSH configuration documentation, the sudoer line suggested is insecure and can result in escaping the folder using ../, allowing any files on the system to be edited. This issue has been patched in version 0.93.1.

Analysis

The Terraform/OpenTofu Proxmox Provider prior to version 0.93.1 contains a path traversal vulnerability in its SSH sudoer configuration documentation that permits attackers to escape directory restrictions using ../ sequences and modify arbitrary files on the system. Public exploit code exists for this vulnerability, affecting users who implement the documented SSH configuration. …

Remediation

Within 24 hours: Identify all systems running Terraform/OpenTofu Proxmox Provider and document current versions. Within 7 days: Upgrade to version 0.93.1 or later across all affected environments and validate SSH sudoer configurations against vendor guidance. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +38

POC: +20

Vendor Status

CVE-2026-25499 vulnerability details – vuln.today

Back

CVE-2026-25499

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Vendor Status

Share

CVE-2026-25499

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Vendor Status

Share

External POC / Exploit Code