OpenOps Remote Code Execution Vulnerability in Terraform Block

Vulnerability

A remote code execution vulnerability has been identified in OpenOps versions prior to 0.6.11. The issue is in the Terraform block, which does not properly validate user input and so allows unsafe code to be executed.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where OpenOps is running.

Reproduction

The vulnerability can be reproduced by uploading a Terraform file that includes a malicious command. This can be done through the OpenOps interface that accepts Terraform files. Once the file is uploaded, the malicious command will be executed on the server.

Remediation

Users can update to OpenOps version 0.6.11 or later, where this vulnerability has been fixed.

Added: Dec 25, 2025, 12:18 AM
Updated: Dec 25, 2025, 12:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 6.3
remediation: 7.7
relevance: 1.6
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.