Path Traversal Vulnerability in SaltStack Configuration Management
CVE-2025-22241

5.6 MEDIUM

Key Information:

Vendor: VMware

Status: Vendor

CVE Published: 13 June 2025

What is CVE-2025-22241?

SaltStack Configuration Management contains a path traversal vulnerability caused by unvalidated input in the VirtKey class. The unvalidated value is used while the master processes an 'on-demand pillar' data request, so it can produce arbitrary file paths pointing into the 'pki directory'. Because a pre-existing 'authorization file' in the default configuration enables automatic acceptance of Minion authentication keys, an unauthorized user could potentially overwrite critical system files and compromise the integrity of the system.
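As an added example (not Salt's own code) of the containment check that mitigates this class of bug: a helper that only ever builds key-file paths inside the master's pki directory and rejects any identifier that would escape it. The pki directory, the `minions` subdirectory name and the identifier charset are assumptions.

```python
import os
import re

# Constructed example, not SaltStack's implementation. The pki directory and
# subdirectory layout are assumptions chosen to illustrate the check.
PKI_DIR = "/etc/salt/pki/master"

# Minion identifiers are hostnames or simple labels: allow a conservative
# charset, and require the first character to be alphanumeric so that
# "." and ".." style names cannot match.
_MINION_ID_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,254}$")


def safe_key_path(minion_id: str, pki_dir: str = PKI_DIR,
                  subdir: str = "minions") -> str:
    """Return the key path for minion_id under pki_dir/subdir or raise ValueError.

    Two independent layers: a whitelist on the identifier itself, and a
    realpath containment check on the resulting path, so a separator,
    a '..' component or a symlinked directory cannot redirect the write.
    """
    if not _MINION_ID_RE.fullmatch(minion_id):
        raise ValueError(f"rejected minion id {minion_id!r}")
    base = os.path.realpath(os.path.join(pki_dir, subdir))
    target = os.path.realpath(os.path.join(base, minion_id))
    # commonpath (not startswith) avoids prefix tricks such as
    # /etc/salt/pki/master/minions_other matching /etc/salt/pki/master/minions
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"path escapes pki dir: {target}")
    return target


def is_safe_minion_id(minion_id: str) -> bool:
    """Predicate for the accept/autosign decision: True only if the key
    file for this identifier would land inside the pki directory."""
    try:
        safe_key_path(minion_id)
        return True
    except ValueError:
        return False
```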

Affected Version(s)

SALT 3006.x < 3006.12

SALT 3007.x < 3007.4

CVSS V3.1

Score: 5.6
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
