CVE-2025-22238
published 2025-06-13CVE-2025-22238: Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to…
medium4.2CVSS 3.1
AVLACLPRHUIRSUCNIHAN
Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| saltstack | salt | >= 3006.0rc1 < 3006.12 | 3006.12 |
| saltstack | salt | >= 3007.0rc1 < 3007.4 | 3007.4 |
| vmware | salt | >= 3006.x < 3006.12 | 3006.12 |
| vmware | salt | >= 3007.x < 3007.4 | 3007.4 |
CVSS provenance
nvdv3.14.2MEDIUMCVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
osv4.2MEDIUM