CVE-2025-13432 – Terraform Enterprise state versions can be created by users with specific permissions without sufficient write access

CVE ID : CVE-2025-13432

Published : Nov. 21, 2025, 2:20 p.m. | 55 minutes ago

Description : Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may allow for the alteration of infrastructure if a subsequent plan operation is approved by a user with approval permission or auto-applied. This vulnerability, CVE-2025-13432, is fixed in Terraform Enterprise version 1.1.1 and 1.0.3.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…