{"url":"http://public2.vulnerablecode.io/api/packages/828823?format=json","purl":"pkg:pypi/salt@3006.9","type":"pypi","namespace":"","name":"salt","version":"3006.9","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3006.17","latest_non_vulnerable_version":"3007.9","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57465?format=json","vulnerability_id":"VCID-34yz-hgbf-abee","summary":"Salt's salt.auth.pki module does not properly authenticate callers\nThe salt.auth.pki module does not properly authenticate callers. The \"password\" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication attempt to be accepted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-38825","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31045","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.30977","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31012","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-38825"},{"reference_url":"https://docs.saltproject.io/en/3006/topics/releases/3006.12.html","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T14:00:49Z/"}],"url":"https://docs.saltproject.io/en/3006/topics/releases/3006.12.html"},{"reference_url":"https://docs.saltproject.io/en/3007/topics/releases/3007.4.html","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T14:00:49Z/"}],"url":"https://docs.saltproject.io/en/3007/topics/releases/3007.4.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/saltstack/salt","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt"},{"reference_url":"https://github.com/saltstack/salt/commit/5ff18fd0ececdfd083ddce693c3ccef30e44f155","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt/commit/5ff18fd0ececdfd083ddce693c3ccef30e44f155"},{"reference_url":"https://github.com/saltstack/salt/commit/d7cb64e44db5f82fd615373f5dca2eb1fb29bbab","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt/commit/d7cb64e44db5f82fd615373f5dca2eb1fb29bbab"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38825","reference_id":"CVE-2024-38825","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38825"},{"reference_url":"https://github.com/advisories/GHSA-4j59-vv55-q6h3","reference_id":"GHSA-4j59-vv55-q6h3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4j59-vv55-q6h3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73744?format=json","purl":"pkg:pypi/salt@3006.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fxhr-smeg-k7fj"},{"vulnerability":"VCID-zudw-npmj-2qe8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.12"},{"url":"http://public2.vulnerablecode.io/api/packages/73745?format=json","purl":"pkg:pypi/salt@3007.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fxhr-smeg-k7fj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4"}],"aliases":["CVE-2024-38825","GHSA-4j59-vv55-q6h3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-34yz-hgbf-abee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57468?format=json","vulnerability_id":"VCID-em78-j177-kffg","summary":"Salt's on demand pillar functionality vulnerable to arbitrary command injections\nAn attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22237","reference_id":"","reference_type":"","scores":[{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28947","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28874","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28911","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22237"},{"reference_url":"https://docs.saltproject.io/en/3006/topics/releases/3006.12.html","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-14T03:56:05Z/"}],"url":"https://docs.saltproject.io/en/3006/topics/releases/3006.12.html"},{"reference_url":"https://docs.saltproject.io/en/3007/topics/releases/3007.4.html","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-14T03:56:05Z/"}],"url":"https://docs.saltproject.io/en/3007/topics/releases/3007.4.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/saltstack/salt","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt"},{"reference_url":"https://github.com/saltstack/salt/commit/9445f496fed61b15dc4364818007e5b765b0746f","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt/commit/9445f496fed61b15dc4364818007e5b765b0746f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-22237","reference_id":"CVE-2025-22237","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-22237"},{"reference_url":"https://github.com/advisories/GHSA-fcr4-h6c4-rvvp","reference_id":"GHSA-fcr4-h6c4-rvvp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fcr4-h6c4-rvvp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73744?format=json","purl":"pkg:pypi/salt@3006.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fxhr-smeg-k7fj"},{"vulnerability":"VCID-zudw-npmj-2qe8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.12"},{"url":"http://public2.vulnerablecode.io/api/packages/73745?format=json","purl":"pkg:pypi/salt@3007.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fxhr-smeg-k7fj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4"}],"aliases":["CVE-2025-22237","GHSA-fcr4-h6c4-rvvp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-em78-j177-kffg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57481?format=json","vulnerability_id":"VCID-fwas-eecc-3bau","summary":"Salt allows arbitrary directory creation or file deletion\nArbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgt_env” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22240","reference_id":"","reference_type":"","scores":[{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26346","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.2639","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26398","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22240"},{"reference_url":"https://docs.saltproject.io/en/3006/topics/releases/3006.12.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-13T13:40:39Z/"}],"url":"https://docs.saltproject.io/en/3006/topics/releases/3006.12.html"},{"reference_url":"https://docs.saltproject.io/en/3007/topics/releases/3007.4.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-13T13:40:39Z/"}],"url":"https://docs.saltproject.io/en/3007/topics/releases/3007.4.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/saltstack/salt","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt"},{"reference_url":"https://github.com/saltstack/salt/commit/f7c28ffbf18dbf693a15b1ba9493918de3e88cf3","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt/commit/f7c28ffbf18dbf693a15b1ba9493918de3e88cf3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-22240","reference_id":"CVE-2025-22240","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-22240"},{"reference_url":"https://github.com/advisories/GHSA-xh32-3m67-qjgf","reference_id":"GHSA-xh32-3m67-qjgf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xh32-3m67-qjgf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73744?format=json","purl":"pkg:pypi/salt@3006.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fxhr-smeg-k7fj"},{"vulnerability":"VCID-zudw-npmj-2qe8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.12"},{"url":"http://public2.vulnerablecode.io/api/packages/73745?format=json","purl":"pkg:pypi/salt@3007.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fxhr-smeg-k7fj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4"}],"aliases":["CVE-2025-22240","GHSA-xh32-3m67-qjgf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fwas-eecc-3bau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57478?format=json","vulnerability_id":"VCID-fwpy-42pu-8ub3","summary":"Salt has minion event bus authorization bypass vulnerability\nMinion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions (>= 3007.0).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22236","reference_id":"","reference_type":"","scores":[{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34491","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34471","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34507","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22236"},{"reference_url":"https://docs.saltproject.io/en/3006/topics/releases/3006.12.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-13T13:59:59Z/"}],"url":"https://docs.saltproject.io/en/3006/topics/releases/3006.12.html"},{"reference_url":"https://docs.saltproject.io/en/3007/topics/releases/3007.4.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-13T13:59:59Z/"}],"url":"https://docs.saltproject.io/en/3007/topics/releases/3007.4.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/saltstack/salt","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-22236","reference_id":"CVE-2025-22236","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-22236"},{"reference_url":"https://github.com/advisories/GHSA-jh7c-xh74-h76f","reference_id":"GHSA-jh7c-xh74-h76f","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jh7c-xh74-h76f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73744?format=json","purl":"pkg:pypi/salt@3006.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fxhr-smeg-k7fj"},{"vulnerability":"VCID-zudw-npmj-2qe8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.12"},{"url":"http://public2.vulnerablecode.io/api/packages/73745?format=json","purl":"pkg:pypi/salt@3007.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fxhr-smeg-k7fj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4"}],"aliases":["CVE-2025-22236","GHSA-jh7c-xh74-h76f"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fwpy-42pu-8ub3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57477?format=json","vulnerability_id":"VCID-r4b7-j6au-fucm","summary":"Salt's file contents overwrite the VirtKey class\nFile contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location and is present in the default configuration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22241","reference_id":"","reference_type":"","scores":[{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33935","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33968","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33953","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22241"},{"reference_url":"https://docs.saltproject.io/en/3006/topics/releases/3006.12.html","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-13T15:24:21Z/"}],"url":"https://docs.saltproject.io/en/3006/topics/releases/3006.12.html"},{"reference_url":"https://docs.saltproject.io/en/3007/topics/releases/3007.4.html","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-13T15:24:21Z/"}],"url":"https://docs.saltproject.io/en/3007/topics/releases/3007.4.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/saltstack/salt","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt"},{"reference_url":"https://github.com/saltstack/salt/commit/9445f496fed61b15dc4364818007e5b765b0746f","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt/commit/9445f496fed61b15dc4364818007e5b765b0746f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-22241","reference_id":"CVE-2025-22241","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-22241"},{"reference_url":"https://github.com/advisories/GHSA-7f3f-x5f5-79gw","reference_id":"GHSA-7f3f-x5f5-79gw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7f3f-x5f5-79gw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73744?format=json","purl":"pkg:pypi/salt@3006.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fxhr-smeg-k7fj"},{"vulnerability":"VCID-zudw-npmj-2qe8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.12"},{"url":"http://public2.vulnerablecode.io/api/packages/73745?format=json","purl":"pkg:pypi/salt@3007.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fxhr-smeg-k7fj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4"}],"aliases":["CVE-2025-22241","GHSA-7f3f-x5f5-79gw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r4b7-j6au-fucm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57470?format=json","vulnerability_id":"VCID-sc4b-v7j2-byed","summary":"Salt vulnerable to directory traversal attack in minion file cache creation\nDirectory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22238","reference_id":"","reference_type":"","scores":[{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.57317","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.57328","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.5732","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22238"},{"reference_url":"https://docs.saltproject.io/en/3006/topics/releases/3006.12.html","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T13:54:45Z/"}],"url":"https://docs.saltproject.io/en/3006/topics/releases/3006.12.html"},{"reference_url":"https://docs.saltproject.io/en/3007/topics/releases/3007.4.html","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T13:54:45Z/"}],"url":"https://docs.saltproject.io/en/3007/topics/releases/3007.4.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/saltstack/salt","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt"},{"reference_url":"https://github.com/saltstack/salt/commit/4b30218edf1a979855ea191d72b30c89f4a5a582","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt/commit/4b30218edf1a979855ea191d72b30c89f4a5a582"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-22238","reference_id":"CVE-2025-22238","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-22238"},{"reference_url":"https://github.com/advisories/GHSA-r546-h3ff-q585","reference_id":"GHSA-r546-h3ff-q585","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r546-h3ff-q585"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73744?format=json","purl":"pkg:pypi/salt@3006.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fxhr-smeg-k7fj"},{"vulnerability":"VCID-zudw-npmj-2qe8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.12"},{"url":"http://public2.vulnerablecode.io/api/packages/73745?format=json","purl":"pkg:pypi/salt@3007.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fxhr-smeg-k7fj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4"}],"aliases":["CVE-2025-22238","GHSA-r546-h3ff-q585"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sc4b-v7j2-byed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57475?format=json","vulnerability_id":"VCID-t99c-dqd5-ukfk","summary":"Salt vulnerable to directory traversal attack in file receiving method\nDirectory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-38824","reference_id":"","reference_type":"","scores":[{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59699","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59707","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59704","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-38824"},{"reference_url":"https://docs.saltproject.io/en/3006/topics/releases/3006.12.html","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-14T03:56:04Z/"}],"url":"https://docs.saltproject.io/en/3006/topics/releases/3006.12.html"},{"reference_url":"https://docs.saltproject.io/en/3007/topics/releases/3007.4.html","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-14T03:56:04Z/"}],"url":"https://docs.saltproject.io/en/3007/topics/releases/3007.4.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/saltstack/salt","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt"},{"reference_url":"https://github.com/saltstack/salt/commit/c4ad23f0f3132d8d8a88f19fa537dc42cf21b215","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt/commit/c4ad23f0f3132d8d8a88f19fa537dc42cf21b215"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38824","reference_id":"CVE-2024-38824","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38824"},{"reference_url":"https://github.com/advisories/GHSA-8pcp-r83j-fc92","reference_id":"GHSA-8pcp-r83j-fc92","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8pcp-r83j-fc92"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73744?format=json","purl":"pkg:pypi/salt@3006.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fxhr-smeg-k7fj"},{"vulnerability":"VCID-zudw-npmj-2qe8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.12"},{"url":"http://public2.vulnerablecode.io/api/packages/73745?format=json","purl":"pkg:pypi/salt@3007.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fxhr-smeg-k7fj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4"}],"aliases":["CVE-2024-38824","GHSA-8pcp-r83j-fc92"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t99c-dqd5-ukfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57473?format=json","vulnerability_id":"VCID-yt34-n551-1uau","summary":"Salt's worker process vulnerable to denial of service through file read operation\nWorker process denial of service through file read operation. .A vulnerability exists in the Master's “pub_ret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by attempting to read from a filename that will not return any data, e.g. by targeting a pipe node on the proc file system.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22242","reference_id":"","reference_type":"","scores":[{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53957","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53969","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53961","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22242"},{"reference_url":"https://docs.saltproject.io/en/3006/topics/releases/3006.12.html","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T15:23:55Z/"}],"url":"https://docs.saltproject.io/en/3006/topics/releases/3006.12.html"},{"reference_url":"https://docs.saltproject.io/en/3007/topics/releases/3007.4.html","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T15:23:55Z/"}],"url":"https://docs.saltproject.io/en/3007/topics/releases/3007.4.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/saltstack/salt","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt"},{"reference_url":"https://github.com/saltstack/salt/commit/e39116fb87bf4db9bcb9aade8258c66df87d41fe","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt/commit/e39116fb87bf4db9bcb9aade8258c66df87d41fe"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-22242","reference_id":"CVE-2025-22242","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-22242"},{"reference_url":"https://github.com/advisories/GHSA-989c-m532-p2hv","reference_id":"GHSA-989c-m532-p2hv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-989c-m532-p2hv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73744?format=json","purl":"pkg:pypi/salt@3006.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fxhr-smeg-k7fj"},{"vulnerability":"VCID-zudw-npmj-2qe8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.12"},{"url":"http://public2.vulnerablecode.io/api/packages/73745?format=json","purl":"pkg:pypi/salt@3007.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fxhr-smeg-k7fj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4"}],"aliases":["CVE-2025-22242","GHSA-989c-m532-p2hv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yt34-n551-1uau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57482?format=json","vulnerability_id":"VCID-zeat-rzj9-u3br","summary":"Salt vulnerable to arbitrary event injection\nArbitrary event injection on Salt Master. The master's \"_minion_event\" method can be used by and authorized minion to send arbitrary events onto the master's event bus.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22239","reference_id":"","reference_type":"","scores":[{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34471","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34507","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34491","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22239"},{"reference_url":"https://docs.saltproject.io/en/3006/topics/releases/3006.12.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T13:50:17Z/"}],"url":"https://docs.saltproject.io/en/3006/topics/releases/3006.12.html"},{"reference_url":"https://docs.saltproject.io/en/3007/topics/releases/3007.4.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T13:50:17Z/"}],"url":"https://docs.saltproject.io/en/3007/topics/releases/3007.4.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/saltstack/salt","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt"},{"reference_url":"https://github.com/saltstack/salt/commit/41d834bf800d86fc496e4fac2d3875fc2aca7c62","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt/commit/41d834bf800d86fc496e4fac2d3875fc2aca7c62"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-22239","reference_id":"CVE-2025-22239","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-22239"},{"reference_url":"https://github.com/advisories/GHSA-c46w-gr7f-jm2p","reference_id":"GHSA-c46w-gr7f-jm2p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c46w-gr7f-jm2p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73744?format=json","purl":"pkg:pypi/salt@3006.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fxhr-smeg-k7fj"},{"vulnerability":"VCID-zudw-npmj-2qe8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.12"},{"url":"http://public2.vulnerablecode.io/api/packages/73745?format=json","purl":"pkg:pypi/salt@3007.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fxhr-smeg-k7fj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4"}],"aliases":["CVE-2025-22239","GHSA-c46w-gr7f-jm2p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zeat-rzj9-u3br"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49899?format=json","vulnerability_id":"VCID-zudw-npmj-2qe8","summary":"Salt junos Module Vulnerable to Code Injection via Specially Crafted YAML Payload\nSalt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62348","reference_id":"","reference_type":"","scores":[{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.0065","published_at":"2026-06-05T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00648","published_at":"2026-06-07T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00651","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62348"},{"reference_url":"https://docs.saltproject.io/en/latest/topics/releases/3006.17.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-30T19:30:12Z/"}],"url":"https://docs.saltproject.io/en/latest/topics/releases/3006.17.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/saltstack/salt","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt"},{"reference_url":"https://github.com/saltstack/salt/issues/68469","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt/issues/68469"},{"reference_url":"https://github.com/saltstack/salt/pull/68472/commits/c17fd645edef208233dcac855615fced69409a00","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt/pull/68472/commits/c17fd645edef208233dcac855615fced69409a00"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62348","reference_id":"CVE-2025-62348","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62348"},{"reference_url":"https://github.com/advisories/GHSA-77w2-v593-vxvv","reference_id":"GHSA-77w2-v593-vxvv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-77w2-v593-vxvv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73743?format=json","purl":"pkg:pypi/salt@3006.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.17"}],"aliases":["CVE-2025-62348","GHSA-77w2-v593-vxvv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zudw-npmj-2qe8"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.9"}