#VU111853 Improper Authorization in Salt - CVE-2025-22236

Cybersecurity Help s.r.o.

Published: 2025-06-23

Vulnerability identifier: #VU111853

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22236

CWE-ID: CWE-285

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Salt
Web applications / Remote management & hosting panels

Vendor: SaltStack

Description

The vulnerability allows a local user to impersonate other minions.

The vulnerability exists due to improper authorization. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Salt: 3007.0, 3007.1, 3007.2, 3007.3

External links
https://docs.saltproject.io/en/3007/topics/releases/3007.4.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Fedora 42 update for salt

Fedora 41 update for salt

Fedora 42 update for salt

Fedora 43 update for salt

Fedora EPEL 9 update for salt3006

Multiple vulnerabilities in SaltStack Salt