critical
CVE
CVE-2025-23088
CWE
CWE-284
Affected Surface
Infrastructure-as-Code module systems
Inherited module settings can unintentionally override security deny policies.
Recommended fix
Apply explicit deny rules at each nested boundary and validate effective policy during plan/apply stages.