We have come to the notice that Terraform plugins are being reported to have vulnerabilities categorized as “High”. Below are the list of affected plugins with “CVE-2025-22870” (NVD - CVE-2025-22870) - component => “The Go Programming Language : 0.35.0”
- /usr/local/bin/terraform
- /usr/local/bin/terraform.d/plugins/providers/registry.terraform.io/hashicorp/external/2.3.4/linux_amd64/terraform-provider-external_v2.3.4_x5
- /usr/local/bin/terraform.d/plugins/providers/registry.terraform.io/hashicorp/local/2.5.2/linux_amd64/terraform-provider-local_v2.5.2_x5
- /usr/local/bin/terraform.d/plugins/providers/registry.terraform.io/databricks/databricks/1.70.0/linux_amd64/terraform-provider-databricks_v1.70.0
- /usr/local/bin/terraform.d/plugins/providers/registry.terraform.io/hashicorp/random/3.7.1/linux_amd64/terraform-provider-random_v3.7.1_x5
- /usr/local/bin/terraform.d/plugins/providers/registry.terraform.io/hashicorp/null/3.2.3/linux_amd64/terraform-provider-null_v3.2.3_x5
- /usr/local/bin/terraform.d/plugins/providers/registry.terraform.io/hashicorp/azuread/3.1.0/linux_amd64/terraform-provider-azuread_v3.1.0_x5
- /usr/local/bin/terraform.d/plugins/providers/registry.terraform.io/hashicorp/azurerm/4.23.0/linux_amd64/terraform-provider-azurerm_v4.23.0_x5
- /usr/local/bin/terraform.d/plugins/providers/registry.terraform.io/hashicorp/time/0.13.0/linux_amd64/terraform-provider-time_v0.13.0_x5
- /usr/local/bin/terraform.d/plugins/providers/registry.terraform.io/hashicorp/http/3.4.5/linux_amd64/terraform-provider-http_v3.4.5_x5