Platform: python
Component: salt
Fixed in: 3006.17, 3007.9
CVE-2025-62348 describes a remote code execution (RCE) vulnerability discovered in Salt, an open-source automation system. This flaw stems from unsafe YAML decoding within the junos execution module, enabling an attacker to potentially execute arbitrary code. The vulnerability impacts Salt versions 3006.0 through 3007.9, and a fix is available in version 3007.9.
An attacker exploiting CVE-2025-62348 can achieve remote code execution on systems running vulnerable versions of Salt. This is a critical risk because it allows an attacker to gain complete control over the affected system, potentially leading to data breaches, system compromise, and lateral movement within the network. The attack involves crafting a malicious YAML payload that, when processed by the junos module, triggers the unintended code execution. The blast radius extends to any system where the vulnerable Salt module is utilized and exposed to untrusted input. This vulnerability shares similarities with other YAML deserialization vulnerabilities where malicious payloads can be injected to execute arbitrary commands.
CVE-2025-62348 was published on 2026-01-30. The EPSS score is currently pending evaluation. No public proof-of-concept (PoC) code has been publicly released as of this writing. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS: 0.01% (2nd percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-62348 is to upgrade Salt to version 3007.9 or later, which contains the fix. If an immediate upgrade is not feasible, consider isolating systems running vulnerable Salt versions to limit potential exposure. While a direct workaround is not available, carefully scrutinize any YAML input processed by the junos module, and consider implementing input validation to prevent malicious payloads. Monitor Salt logs for unusual activity or errors related to YAML processing. After upgrading, confirm the fix by attempting to run the junos module against a known malicious YAML payload; it should fail to execute.
Upgrade Salt to version 3006.17 or later, or to version 3007.9 or later, as appropriate for your Salt branch. This corrects the unsafe YAML deserialization vulnerability in the junos module.
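As an added illustration of the input-validation mitigation above (not code from Salt or from the advisory), the following pre-parse check refuses any YAML document carrying a tag outside the core schema, the class of tag (such as PyYAML's `!!python/...` family) that an unsafe loader would otherwise honour. The sample documents and the `STANDARD_TAGS` allowlist are constructed for this example.

```python
import re

# Core-schema tags (tag:yaml.org,2002:*) in "!!" shorthand. Anything else,
# notably PyYAML's "!!python/*" family and local "!" tags, is refused before
# the document ever reaches a parser.
STANDARD_TAGS = {
    "!!str", "!!int", "!!float", "!!bool", "!!null", "!!map", "!!seq",
    "!!set", "!!omap", "!!pairs", "!!binary", "!!timestamp", "!!merge",
}
# A tag token: "!!name", "!handle!name", "!name" or a verbatim "!<uri>" tag.
# The lookbehind keeps a "!" glued to a word (e.g. "p!ss") from matching.
_TAG_RE = re.compile(r"(?<![\w/\-])(![\w!]*(?:<[^>]*>)?[\w./:\-]*)")

class UnsafeYamlTag(ValueError):
    """Document carries a tag outside STANDARD_TAGS."""

def find_tags(text: str) -> list[str]:
    """Every tag token in the document, in order, ignoring '# ...' comments."""
    stripped = "\n".join(re.sub(r"(?:^|\s)#.*$", "", ln) for ln in text.splitlines())
    return _TAG_RE.findall(stripped)

def unsafe_tags(text: str) -> list[str]:
    """Non-standard tags to refuse; a %TAG directive (which can alias new
    handles) is reported as well."""
    bad = {t for t in find_tags(text) if t not in STANDARD_TAGS}
    if re.search(r"^%TAG\b", text, re.M):
        bad.add("%TAG")
    return sorted(bad)

def validate_yaml_tags(text: str) -> str:
    """Return text unchanged when it is safe to hand to a parser, else raise."""
    bad = unsafe_tags(text)
    if bad:
        raise UnsafeYamlTag(f"refusing YAML with non-standard tags: {bad}")
    return text

# Constructed sample documents (not from the advisory): a benign junos-style
# config and one smuggling a Python-object tag.
SAFE_DOC = """\
host: router1          # management address
port: 830
interfaces:
  - name: ge-0/0/0
    mtu: !!int "1500"
"""
UNSAFE_DOC = """\
host: router1
credentials: !!python/object:builtins.dict {}
"""
```

Text that passes `validate_yaml_tags` should still be parsed with `yaml.safe_load` rather than a full or unsafe loader; this check is a defence-in-depth filter for untrusted input, not a substitute for the upgrade.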
CVE-2025-62348 is a remote code execution vulnerability in Salt's junos execution module, allowing attackers to execute arbitrary code through crafted YAML payloads.
You are affected if you are running Salt versions 3006.0 through 3007.9 and utilize the junos execution module.
Upgrade Salt to version 3007.9 or later to remediate the vulnerability. If immediate upgrade is not possible, isolate vulnerable systems and scrutinize YAML input.
As of the current date, there are no confirmed reports of active exploitation, but the vulnerability's severity warrants immediate attention.
Refer to the official Salt security advisory for detailed information and updates: [https://www.saltproject.io/blog/2026/01/30/salt-security-advisory-cve-2025-62348/](https://www.saltproject.io/blog/2026/01/30/salt-security-advisory-cve-2025-62348/)