Unsafe Deserialization Vulnerability in Palo Alto Networks Checkov
CVE-2025-2180

4.8MEDIUM

Key Information:

Vendor: Palo Alto Networks
Status: Checkov By Prisma Cloud
Vendor: CVE Published:; 13 August 2025

🔔 Create Palo Alto Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2025-2180?

An unsafe deserialization vulnerability in Palo Alto Networks Checkov by Prisma® Cloud allows authenticated users to execute arbitrary code as non-administrative users. This occurs when scanning a malicious Terraform file, highlighting significant security concerns for users operating versions 3.0 prior to 3.2.415.

Affected Version(s)

Checkov by Prisma Cloud 3.2.0 < 3.2.415

References

https://security.paloaltonetworks.com/CVE-2025-2180

vendor-advisory

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Aug 13, 2025
Vulnerability published
Aug 13, 2025
Vulnerability Reserved
Mar 10, 2025

Credit

Palo Alto Networks thanks Bryan Eastes for discovering and reporting this issue.