CVE-2025-2180

Palo Alto Networks Checkov <3.2.415 - Code Injection

Title source: llm

Description

An unsafe deserialization vulnerability in Palo Alto Networks Checkov by Prisma® Cloud allows an authenticated user to execute arbitrary code as a non administrative user by scanning a malicious terraform file when using Checkov in Prisma® Cloud. This issue impacts Checkov 3.0 versions earlier than Checkov 3.2.415.

References (1)

[Various Sources] https://security.paloaltonetworks.com/CVE-2025-2180

Scores

EPSS 0.0028

EPSS Percentile 51.0%

Classification

CWE

CWE-502

Status draft

Timeline

Published Aug 13, 2025

Tracked Since Feb 18, 2026