CVE-2025-22236

Summary

Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions (>= 3007.0).

Affected Software

VendorProductVersion RangeStatus
VMwareSALT3006.x < 3006.12affected
VMwareSALT3007.x < 3007.4affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References