CVE-2025-22242
published 2025-06-13CVE-2025-22242: Worker process denial of service through file read operation. .A vulnerability exists in the Master's “pub_ret” method which is exposed to all minions. The…
medium5.6CVSS 3.1
AVLACHPRHUIRSUCHINAH
Worker process denial of service through file read operation. .A vulnerability exists in the Master's “pub_ret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by attempting to read from a filename that will not return any data, e.g. by targeting a pipe node on the proc file system.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| saltstack | salt | >= 3006.0rc1 < 3006.12 | 3006.12 |
| saltstack | salt | >= 3007.0rc1 < 3007.4 | 3007.4 |
| vmware | salt | >= 3006.x < 3006.12 | 3006.12 |
| vmware | salt | >= 3007.x < 3007.4 | 3007.4 |
CVSS provenance
nvdv3.15.6MEDIUMCVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H
osv5.6MEDIUM