Security Advisory

CVE-2025-13432

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-21 14:20:53

Last updated 2025-11-21 15:13:18

Assigner HashiCorp

State PUBLISHED

Description

Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may allow for the alteration of infrastructure if a subsequent plan operation is approved by a user with approval permission or auto-applied. This vulnerability, CVE-2025-13432, is fixed in Terraform Enterprise version 1.1.1 and 1.0.3.

← Browse all CVEs View on cve.org ↗