CVE-2026-25499: terraform-provider-proxmox has insecure sudo recommendation in the documentation

February 2, 2026 (updated February 4, 2026)

In the SSH configuration documentation, the sudoer line that was suggested can be escalated to edit any files in the system.

References

github.com/advisories/GHSA-gwch-7m8v-7544
github.com/bpg/terraform-provider-proxmox
github.com/bpg/terraform-provider-proxmox/commit/bd604c41a31e2a55dd6acc01b0608be3ea49c023
github.com/bpg/terraform-provider-proxmox/security/advisories/GHSA-gwch-7m8v-7544
nvd.nist.gov/vuln/detail/CVE-2026-25499

Code Behaviors & Features

Detect and mitigate CVE-2026-25499 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →