CVE-2025-2181 (GCVE-0-2025-2181)
Vulnerability from cvelistv5
Published
2025-08-13 17:03
Modified
2025-08-13 20:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Summary
A sensitive information disclosure vulnerability in Palo Alto Networks Checkov by Prisma® Cloud can result in the cleartext exposure of Prisma Cloud access keys in Checkov's output.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Checkov by Prisma Cloud |
Version: 3.2.0 < 3.2.449 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2181",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-13T20:31:31.868823Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T20:31:43.129Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkov by Prisma Cloud",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "3.2.449",
"status": "unaffected"
}
],
"lessThan": "3.2.449",
"status": "affected",
"version": "3.2.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No special configuration is required to be affected by this issue."
}
],
"value": "No special configuration is required to be affected by this issue."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Shashank Chaurasia"
}
],
"datePublic": "2025-08-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA sensitive information disclosure vulnerability in Palo Alto Networks Checkov by Prisma\u00ae Cloud can result in the cleartext exposure of\u0026nbsp;Prisma Cloud access keys in Checkov\u0027s output.\u003c/p\u003e"
}
],
"value": "A sensitive information disclosure vulnerability in Palo Alto Networks Checkov by Prisma\u00ae Cloud can result in the cleartext exposure of\u00a0Prisma Cloud access keys in Checkov\u0027s output."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Attacker finds a Prisma Cloud access key in a Checkov output file that a user uploaded to an insecure location."
}
]
},
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Attacker gains access to a system and then finds a Checkov output file that contains an exposed Prisma Cloud access key."
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T17:03:03.787Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2025-2181"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\n \u003ctd\u003eCheckov by Prisma Cloud 3.2\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e3.2.0 through 3.2.448\u003c/td\u003e\n \u003ctd\u003eUpgrade to 3.2.449 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003eCheckov integration in Prisma Cloud is upgraded automatically when new versions become available. All Prisma Cloud access keys used by Checkov should be rotated after upgrading to a fixed version (this step is recommended for all modes of using Checkov)."
}
],
"value": "Version\nMinor Version\nSuggested Solution\n\n Checkov by Prisma Cloud 3.2\n\n 3.2.0 through 3.2.448\n Upgrade to 3.2.449 or later.\n \nCheckov integration in Prisma Cloud is upgraded automatically when new versions become available. All Prisma Cloud access keys used by Checkov should be rotated after upgrading to a fixed version (this step is recommended for all modes of using Checkov)."
}
],
"source": {
"defect": [
"BCE-42897"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-08-13T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Checkov by Prisma Cloud: Cleartext Exposure of Credentials",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No known workarounds exist for this issue."
}
],
"value": "No known workarounds exist for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2025-2181",
"datePublished": "2025-08-13T17:03:03.787Z",
"dateReserved": "2025-03-10T17:56:23.828Z",
"dateUpdated": "2025-08-13T20:31:43.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-2181\",\"sourceIdentifier\":\"psirt@paloaltonetworks.com\",\"published\":\"2025-08-13T17:15:27.000\",\"lastModified\":\"2025-08-13T17:33:46.673\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A sensitive information disclosure vulnerability in Palo Alto Networks Checkov by Prisma\u00ae Cloud can result in the cleartext exposure of\u00a0Prisma Cloud access keys in Checkov\u0027s output.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"ACTIVE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NO\",\"Recovery\":\"USER\",\"valueDensity\":\"DIFFUSE\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"AMBER\"}}]},\"weaknesses\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-312\"}]}],\"references\":[{\"url\":\"https://security.paloaltonetworks.com/CVE-2025-2181\",\"source\":\"psirt@paloaltonetworks.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-2181\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-13T20:31:31.868823Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-13T20:31:37.077Z\"}}], \"cna\": {\"title\": \"Checkov by Prisma Cloud: Cleartext Exposure of Credentials\", \"source\": {\"defect\": [\"BCE-42897\"], \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Shashank Chaurasia\"}], \"impacts\": [{\"capecId\": \"CAPEC-37\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-37 Retrieve Embedded Sensitive Data\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"USER\", \"baseScore\": 5.9, \"Automatable\": \"NO\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"DIFFUSE\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L/AU:N/R:U/V:D/RE:M/U:Amber\", \"providerUrgency\": \"AMBER\", \"userInteraction\": \"ACTIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"Attacker finds a Prisma Cloud access key in a Checkov output file that a user uploaded to an insecure location.\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"USER\", \"baseScore\": 5.1, \"Automatable\": \"NO\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"DIFFUSE\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L/AU:N/R:U/V:D/RE:M/U:Amber\", \"providerUrgency\": \"AMBER\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"Attacker gains access to a system and then finds a Checkov output file that contains an exposed Prisma Cloud access key.\"}]}], \"affected\": [{\"vendor\": \"Palo Alto Networks\", \"product\": \"Checkov by Prisma Cloud\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"3.2.449\", \"status\": \"unaffected\"}], \"version\": \"3.2.0\", \"lessThan\": \"3.2.449\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Palo Alto Networks is not aware of any malicious exploitation of this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Palo Alto Networks is not aware of any malicious exploitation of this issue.\", \"base64\": false}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-08-13T16:00:00.000Z\", \"value\": \"Initial Publication\"}], \"solutions\": [{\"lang\": \"eng\", \"value\": \"Version\\nMinor Version\\nSuggested Solution\\n\\n Checkov by Prisma Cloud 3.2\\n\\n 3.2.0 through 3.2.448\\n Upgrade to 3.2.449 or later.\\n \\nCheckov integration in Prisma Cloud is upgraded automatically when new versions become available. All Prisma Cloud access keys used by Checkov should be rotated after upgrading to a fixed version (this step is recommended for all modes of using Checkov).\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\\n \u003ctd\u003eCheckov by Prisma Cloud 3.2\u003cbr\u003e\u003c/td\u003e\\n \u003ctd\u003e3.2.0 through 3.2.448\u003c/td\u003e\\n \u003ctd\u003eUpgrade to 3.2.449 or later.\u003c/td\u003e\\n \u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003eCheckov integration in Prisma Cloud is upgraded automatically when new versions become available. All Prisma Cloud access keys used by Checkov should be rotated after upgrading to a fixed version (this step is recommended for all modes of using Checkov).\", \"base64\": false}]}], \"datePublic\": \"2025-08-13T16:00:00.000Z\", \"references\": [{\"url\": \"https://security.paloaltonetworks.com/CVE-2025-2181\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"eng\", \"value\": \"No known workarounds exist for this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"No known workarounds exist for this issue.\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A sensitive information disclosure vulnerability in Palo Alto Networks Checkov by Prisma\\u00ae Cloud can result in the cleartext exposure of\\u00a0Prisma Cloud access keys in Checkov\u0027s output.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eA sensitive information disclosure vulnerability in Palo Alto Networks Checkov by Prisma\\u00ae Cloud can result in the cleartext exposure of\u0026nbsp;Prisma Cloud access keys in Checkov\u0027s output.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-312\", \"description\": \"CWE-312 Cleartext Storage of Sensitive Information\"}]}], \"configurations\": [{\"lang\": \"eng\", \"value\": \"No special configuration is required to be affected by this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"No special configuration is required to be affected by this issue.\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"d6c1279f-00f6-4ef7-9217-f89ffe703ec0\", \"shortName\": \"palo_alto\", \"dateUpdated\": \"2025-08-13T17:03:03.787Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-2181\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-13T20:31:43.129Z\", \"dateReserved\": \"2025-03-10T17:56:23.828Z\", \"assignerOrgId\": \"d6c1279f-00f6-4ef7-9217-f89ffe703ec0\", \"datePublished\": \"2025-08-13T17:03:03.787Z\", \"assignerShortName\": \"palo_alto\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…