CVE-2025-22236: Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions (>=…

high8.1CVSS 3.1

AVLACLPRHUINSCCHIHAL

Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions (>= 3007.0).

Affected

4 ranges

Vendor	Product	Version range	Fixed in
saltstack	salt	>= 3006.0 < 3006.12	3006.12
saltstack	salt	>= 3007.0 < 3007.4	3007.4
vmware	salt	>= 3006.x < 3006.12	3006.12
vmware	salt	>= 3007.x < 3007.4	3007.4

CVSS provenance

nvdv3.18.1HIGHCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L

osv8.1HIGH