CVE-2025-62348
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Salt Project | Salt | 3006.0 < 3006.17 | affected |
| Salt Project | Salt | 3007.0 < 3007.9 | affected |
Weaknesses
- CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')
Workarounds
If upgrading immediately is not possible, reduce exposure by restricting which users/automation can invoke junos execution module functions and by limiting access to any YAML inputs used by the junos module. Prefer trusted sources only for YAML content.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.