PT-2026-5435 · Salt+1

Barney Sowood · Published 2025-11-28 · Updated 2026-04-01 · CVE-2025-62349

CVSS v2.0: 8.0 (High)

Vector: AV:N/AC:L/Au:M/C:C/I:C/A:P

Name of the Vulnerable Software and Affected Versions

Salt (affected versions not specified)

Description

Salt is susceptible to an authentication protocol version downgrade. A malicious minion can exploit this to bypass newer authentication and security features by utilizing an older request payload format. This allows for minion impersonation and circumvents security measures implemented to address previous issues.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Authentication

Related Identifiers

BDU:2026-05706
CVE-2025-62349
GHSA-VCF3-26XF-FW4M
OPENSUSE-SU-2025:15787-1
OPENSUSE-SU-2026:20000-1
SUSE-SU-2025:21216-1
SUSE-SU-2025:21218-1
SUSE-SU-2025:4445-1
SUSE-SU-2025:4447-1
SUSE-SU-2025:4448-1
SUSE-SU-2025:4449-1
SUSE-SU-2025:4450-1
SUSE-SU-2025:4466-1
SUSE-SU-2025:4467-1
SUSE-SU-2025:4474-1
SUSE-SU-2025:4475-1
SUSE-SU-2025:4476-1
SUSE-SU-2025:4477-1
SUSE-SU-2025:4478-1
SUSE-SU-2025:4479-1
SUSE-SU-2026:1012-1
SUSE-SU-2026:1014-1
SUSE-SU-2026:1026-1
SUSE-SU-2026:1140-1
SUSE-SU-2026:1141-1
SUSE-SU-2026:1142-1
SUSE-SU-2026:1146-1
SUSE-SU-2026:1148-1
SUSE-SU-2026:1149-1

Affected Products

Red Os
Salt