#VU111857 Permissions, Privileges, and Access Controls in Salt - CVE-2025-22240
Vulnerability identifier: #VU111857
Vulnerability risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Salt
Web applications /
Remote management & hosting panels
Vendor: SaltStack
Description
The vulnerability allows a local user to manipulate with files and directories.
The vulnerability exists due to improper input validation in find_file method of the GitFS class. A local user can create arbitrary directories or delete any file on the Master's process without necessary permissions.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Salt: 3000, 3000.1, 3000.2, 3000.3, 3000.4, 3000.5, 3000.6, 3000.7, 3000.8, 3000.9, 3001, 3001.1, 3001.2, 3001.3, 3001.4, 3001.5, 3001.6, 3001.7, 3001.8, 3002, 3002.1, 3002.2, 3002.3, 3002.4, 3002.5, 3002.6, 3002.7, 3002.8, 3002.9, 3003, 3003.1, 3003.2, 3003.3, 3003.4, 3003.5, 3004, 3004.1, 3004.2, 3005, 3005.1, 3005.2, 3005.3, 3005.4, 3005.5, 3006.0, 3006.1, 3006.2, 3006.3, 3006.4, 3006.5, 3006.6, 3006.7, 3006.8, 3006.9, 3006.10, 3006.11, 3006.12, 3007.0, 3007.1, 3007.2, 3007.3
External links
https://docs.saltproject.io/en/3007/topics/releases/3007.4.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
