PT-2025-25391 · Saltstack+3 · Saltstack Salt+3

Published: 2025-01-02 · Updated: 2025-08-19 · CVE-2025-22236

CVSS v3.1: 8.1 High

Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions

SaltStack Salt versions 3007.0 and later

Description

The issue concerns an authorization bypass in the Minion event bus. An attacker with access to a minion key can craft a message to potentially execute a job on other minions.

Recommendations

For versions 3007.0 and later, update to a version that includes a fix for the authorization bypass issue in the Minion event bus.

Fix

Weakness Enumeration

Improper Authorization

Improper Authentication

Related Identifiers

ALT-PU-2025-8072
ALT-PU-2025-8965
BDU:2025-10868
CVE-2025-22236
GHSA-JH7C-XH74-H76F
OPENSUSE-SU-2025:15295-1
SUSE-SU-2025:02476-1
SUSE-SU-2025:02491-1
SUSE-SU-2025:02492-1
SUSE-SU-2025:02499-1
SUSE-SU-2025:02500-1
SUSE-SU-2025:02501-1
SUSE-SU-2025:02502-1
SUSE-SU-2025:02534-1
SUSE-SU-2025:20487-1
SUSE-SU-2025:20504-1
SUSE-SU-2025_02500-1
SUSE-SU-2025_02501-1
SUSE-SU-2025_02534-1

Affected Products

Alt Linux
Red Os
Saltstack Salt
Suse