CVE-2025-68922
Remote Code Execution in OpenOps Terraform Block Before
Publication date: 2025-12-25
Last updated on: 2025-12-25
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openops-cloud | openops | 0.6.11 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-68922 is a remote code execution (RCE) vulnerability in the Terraform block of the openops-cloud/openops project before version 0.6.11. It arises from insufficient validation and escaping of user inputs within Terraform resource configurations, allowing potential shell injection attacks. The vulnerability was fixed by implementing strict input validation for user-controlled identifiers, escaping shell arguments to prevent arbitrary command injection, enhancing resource parsing, and adding comprehensive tests to prevent regression. [1]
How can this vulnerability impact me?
This vulnerability can allow an attacker to execute arbitrary code remotely on systems running vulnerable versions of openops-cloud/openops. Specifically, crafted Terraform configurations could exploit shell injection flaws to run malicious commands, potentially leading to full system compromise, data loss, or unauthorized access. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2025-68922 vulnerability, you should upgrade openops to version 0.6.11 or later, which includes security hardening measures such as strict input validation, shell argument escaping, and resource parsing enhancements to prevent remote code execution in the Terraform block. Applying this update will eliminate the risk of shell injection attacks through crafted Terraform configurations. [1, 4]
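The two hardening measures named in the answers above (strict validation of user-controlled identifiers and escaping of shell arguments), shown beside the unsafe pattern they replace. This is an added example, not code from OpenOps or its patch; the command name `example-hcl-tool`, its arguments, the identifier pattern, the function names and the sample inputs are all assumptions constructed for illustration.

```typescript
// Added example (not OpenOps code). `example-hcl-tool` and its arguments are hypothetical.

// Allow-list for user-controlled Terraform identifiers (resource type, name, attribute):
// a letter or underscore first, then letters, digits, underscores or hyphens.
const IDENTIFIER = /^[A-Za-z_][A-Za-z0-9_-]*$/;

function assertIdentifier(value: string, field: string): string {
  if (!IDENTIFIER.test(value)) {
    throw new Error(`invalid ${field}: ${JSON.stringify(value)}`);
  }
  return value;
}

// POSIX single-quote escaping: inside '...' the shell interprets nothing, so
// only the quote itself needs handling (close the quote, emit \', reopen).
function shellQuote(arg: string): string {
  return "'" + arg.replace(/'/g, "'\\''") + "'";
}

// BEFORE (CWE-78): raw interpolation, so metacharacters in any field reach the shell.
function buildCommandUnsafe(type: string, name: string, attr: string, value: string): string {
  return `example-hcl-tool set ${type}.${name} ${attr}=${value}`;
}

// AFTER: identifiers checked against the allow-list, every argument quoted.
function buildCommandSafe(type: string, name: string, attr: string, value: string): string {
  const address = `${assertIdentifier(type, "resource type")}.${assertIdentifier(name, "resource name")}`;
  const assignment = `${assertIdentifier(attr, "attribute")}=${value}`;
  return ["example-hcl-tool", "set", shellQuote(address), shellQuote(assignment)].join(" ");
}

// Wrapper for the constructed samples below: returns the command or the rejection reason.
function tryBuild(name: string, value: string): string {
  try {
    return buildCommandSafe("aws_instance", name, "instance_type", value);
  } catch (e) {
    return "rejected: " + (e as Error).message;
  }
}

// Constructed inputs: metacharacters in the resource name, then in the free-form value.
console.log(buildCommandUnsafe("aws_instance", "web; echo INJECTED", "instance_type", "t3.micro"));
console.log(tryBuild("web; echo INJECTED", "t3.micro"));
console.log(tryBuild("web", "it's $(echo INJECTED)"));
```

Where the design allows it, passing an argument array to the process API without a shell removes the need for quoting altogether; the allow-list check on identifiers remains useful either way.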
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The provided resources do not include specific detection methods or commands to identify the CVE-2025-68922 vulnerability on a network or system. The vulnerability involves remote code execution via the Terraform block due to insufficient input validation and escaping, but no explicit detection or scanning commands are given.