CVE-2025-62348

Summary

Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process.

Affected Software

VendorProductVersion RangeStatus
Salt ProjectSalt3006.0 < 3006.17affected
Salt ProjectSalt3007.0 < 3007.9affected

Weaknesses

  • CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')

Workarounds

If upgrading immediately is not possible, reduce exposure by restricting which users/automation can invoke junos execution module functions and by limiting access to any YAML inputs used by the junos module. Prefer trusted sources only for YAML content.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References