CVE-2025-22239
published 2025-06-13CVE-2025-22239: Arbitrary event injection on Salt Master. The master's "_minion_event" method can be used by and authorized minion to send arbitrary events onto the master's…
high8.1CVSS 3.1
AVLACLPRHUINSCCHIHAL
Arbitrary event injection on Salt Master. The master's "_minion_event" method can be used by and authorized minion to send arbitrary events onto the master's event bus.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| saltstack | salt | >= 3006.0rc1 < 3006.12 | 3006.12 |
| saltstack | salt | >= 3007.0rc1 < 3007.4 | 3007.4 |
| vmware | salt | >= 3006.x < 3006.12 | 3006.12 |
| vmware | salt | >= 3007.x < 3007.4 | 3007.4 |
CVSS provenance
nvdv3.18.1HIGHCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
osv8.1HIGH