Directory Traversal Vulnerability in Salt Project's Master Cache
CVE-2025-22238

4.2MEDIUM

Key Information:

Vendor: Vmware
Status: Salt
Vendor: CVE Published:; 13 June 2025

What is CVE-2025-22238?

A directory traversal vulnerability exists in the file cache creation process of the Salt Project's master server. An attacker may exploit this security flaw to execute arbitrary file writes or overwrites to locations outside of the intended cache directory. This can lead to unauthorized access or manipulation of sensitive files on the system. It is crucial for users of the affected Salt versions to apply the necessary updates to mitigate potential risks associated with this vulnerability.

Affected Version(s)

SALT 3006.x < 3006.12

SALT 3007.x < 3007.4

References

https://docs.saltproject.io/en/3006/topics/releases/3006....

https://docs.saltproject.io/en/3007/topics/releases/3007....

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 13, 2025
Vulnerability Reserved
Jan 2, 2025

Vmware

What is CVE-2025-22238?

Affected Version(s)

References

CVSS V3.1

Timeline