CVE-2025-22238

CWE-22Path Traversal5 documents4 sources
Severity
4.2MEDIUM
EPSS
0.3%
top 42.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Vmware Salt
Timeline
PublishedJun 13

Description

Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:NExploitability: 0.6 | Impact: 3.6

Affected Packages2 packages

PyPIsalt3006.0rc13006.12+1
CVEListV5vmware/salt3006.x3006.12+1

🔴Vulnerability Details

4
OSV
Salt vulnerable to directory traversal attack in minion file cache creation2025-06-13
OSV
CVE-2025-22238: Directory traversal attack in minion file cache creation2025-06-13
GHSA
Salt vulnerable to directory traversal attack in minion file cache creation2025-06-13
CVEList
CVE-2025-22238 salt advisory2025-06-13
CVE-2025-22238 (MEDIUM CVSS 4.2) | Directory traversal attack in minio | cvebase.io