CVE-2025-22238

Summary

Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory.

Affected Software

VendorProductVersion RangeStatus
VMwareSALT3006.x < 3006.12affected
VMwareSALT3007.x < 3007.4affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References