PT-2026-5435 · Salt+1 · Salt+1

Barney Sowood · Published 2025-11-28 · Updated 2026-04-01 · CVE-2025-62349

CVSS v2.0: 8.0 (High)
Vector: AV:N/AC:L/Au:M/C:C/I:C/A:P
Name of the Vulnerable Software and Affected Versions: Salt (affected versions not specified)

Description: Salt is susceptible to an authentication protocol version downgrade. A malicious minion can exploit this to bypass newer authentication and security features by utilizing an older request payload format. This allows for minion impersonation and circumvents security measures implemented to address previous issues.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Weakness Enumeration

Related identifiers

BDU:2026-05706
CVE-2025-62349
GHSA-VCF3-26XF-FW4M
OPENSUSE-SU-2025:15787-1
OPENSUSE-SU-2026:20000-1
SUSE-SU-2025:21216-1
SUSE-SU-2025:21218-1
SUSE-SU-2025:4445-1
SUSE-SU-2025:4447-1
SUSE-SU-2025:4448-1
SUSE-SU-2025:4449-1
SUSE-SU-2025:4450-1
SUSE-SU-2025:4466-1
SUSE-SU-2025:4467-1
SUSE-SU-2025:4474-1
SUSE-SU-2025:4475-1
SUSE-SU-2025:4476-1
SUSE-SU-2025:4477-1
SUSE-SU-2025:4478-1
SUSE-SU-2025:4479-1
SUSE-SU-2026:1012-1
SUSE-SU-2026:1014-1
SUSE-SU-2026:1026-1
SUSE-SU-2026:1140-1
SUSE-SU-2026:1141-1
SUSE-SU-2026:1142-1
SUSE-SU-2026:1146-1
SUSE-SU-2026:1148-1
SUSE-SU-2026:1149-1

Affected products

Red Os
Salt