Platform: python
Component: salt
Fixed in: 3006.17, 3007.9
CVE-2025-62348 describes a remote code execution (RCE) vulnerability in Salt, an open-source automation system. The flaw stems from unsafe YAML decoding in the junos execution module: the classic PyYAML pitfall of loading YAML with a non-safe loader, so a crafted document can name Python objects to construct and thereby run code. The vulnerability affects Salt releases from 3006.0 up to the fixed releases, 3006.17 on the 3006 branch and 3007.9 on the 3007 branch.
An attacker who exploits CVE-2025-62348 achieves remote code execution on hosts running a vulnerable Salt build, with the privileges of the Salt process that decoded the YAML. That is a critical outcome: it hands over the affected system and, because Salt hosts are built to reach the rest of the estate, a foothold for data theft and lateral movement. The attack consists of getting a crafted YAML document processed by the junos module; tags in that document make the loader instantiate arbitrary Python objects, which is where the code execution comes from. The blast radius covers every system on which the vulnerable module processes YAML it does not fully control. The pattern is the same as other YAML deserialization flaws, where loading untrusted input with a non-safe loader lets the input choose the objects, and therefore the functions, to invoke.
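The loading mistake described above, as an added example that is not Salt's code and not the patched module: the vulnerable pattern (PyYAML's full loader) beside the hardened form (the safe loader) the fix amounts to. The payload is constructed for this page and uses os.path.join as a harmless stand-in for the os.system or subprocess callable an attacker would name; the function names here are this example's own, and PyYAML (a Salt dependency) must be installed.

```python
"""Unsafe vs. safe YAML loading, the mechanism behind CVE-2025-62348.

Added illustration, not Salt code. Requires PyYAML.
"""
try:
    import yaml
except ImportError:  # PyYAML not installed; demonstrate() cannot run
    yaml = None

# Constructed payload. The !!python/object/apply tag tells a non-safe
# loader to import os.path, look up join, and CALL it while parsing.
# Swap in os.system or subprocess.check_output and the same tag runs
# an attacker's command with the privileges of the parsing process.
PAYLOAD = 'host: !!python/object/apply:os.path.join ["/tmp", "pwned"]\n'


def load_unsafe(text):
    """Vulnerable pattern: yaml.Loader honours python/object tags."""
    return yaml.load(text, Loader=yaml.Loader)


def load_safe(text):
    """Hardened pattern: SafeLoader knows only plain YAML types and
    refuses any python/* tag with a ConstructorError."""
    return yaml.safe_load(text)


def demonstrate(text=PAYLOAD):
    """Return (value the unsafe loader produced by calling the named
    function, whether the safe loader rejected the same document)."""
    unsafe_value = load_unsafe(text)["host"]
    try:
        load_safe(text)
        safe_rejected = False
    except yaml.YAMLError:  # ConstructorError is a YAMLError subclass
        safe_rejected = True
    return unsafe_value, safe_rejected


if __name__ == "__main__":
    value, rejected = demonstrate()
    print(f"unsafe loader executed os.path.join -> {value!r}")
    print(f"safe loader rejected the document: {rejected}")
```

The takeaway for reviewing Salt modules (or any Python code) is mechanical: grep for yaml.load without a Loader argument or with yaml.Loader, yaml.UnsafeLoader, or yaml.unsafe_load, and treat each hit on untrusted input as this bug.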
CVE-2025-62348 was published on 2026-01-30. Its EPSS score at the time of writing is 0.01% (2nd percentile), so predicted exploitation likelihood is low. No public proof-of-concept (PoC) code has been released as of this writing, and the CVE is not listed in the CISA KEV catalog.
Organizations that rely on Salt for configuration management and automation are at significant risk, above all those that use the junos execution module (that is, manage Junos network devices through Salt) and run flat networks with little segmentation. Installations that lag behind the fixed releases are the immediate concern. Input validation on the calling side does not remove the risk, because the flaw is in how the module itself decodes YAML.
• python / server:

import re
import subprocess

# Fixed releases per branch, from the advisory's "Fixed in" field.
FIXED_MINOR = {3006: 17, 3007: 9}

def is_vulnerable(version_output):
    """True if 'salt-minion --version' output names a release before the fix on its branch."""
    match = re.search(r'(\d{4})\.(\d+)', version_output)
    if not match:
        raise ValueError(f"unrecognised version output: {version_output!r}")
    major, minor = int(match.group(1)), int(match.group(2))
    # Branches outside the advisory's 3006.x / 3007.x range are not covered by this check.
    return major in FIXED_MINOR and minor < FIXED_MINOR[major]

def check_salt_version():
    try:
        result = subprocess.check_output(['salt-minion', '--version'], stderr=subprocess.STDOUT, universal_newlines=True)
        if is_vulnerable(result.strip()):
            print("Vulnerable Salt version detected!")
        else:
            print("Salt version is patched.")
    except FileNotFoundError:
        print("Salt not installed.")
    except Exception as e:
        print(f"Error checking Salt version: {e}")

check_salt_version()

• linux / server:

journalctl -u salt-minion -g "YAML parsing error"

This is a heuristic only: whether a failed or malicious load leaves that text in the journal depends on the Salt release and log level, and a successful exploit need not log anything.

• generic web:

curl -I http://your-salt-server/junos_module | grep -i "yaml"

Caveat: Salt does not expose the junos execution module at an HTTP path like this; the module runs inside the minion or proxy-minion process. Treat the version check above, run on every Salt host, as the authoritative test.
Exploit status
EPSS: 0.01% (2nd percentile)
The primary mitigation for CVE-2025-62348 is to upgrade Salt to a fixed release: 3006.17 or later on the 3006 branch, or 3007.9 or later on the 3007 branch. If an immediate upgrade is not feasible, isolate systems running vulnerable versions to limit exposure. There is no direct workaround. Scrutinizing YAML input is at best a stopgap: the dangerous content is the document's tags, not any particular value, so value-level validation does not close a deserialization flaw; only a safe loader does, and that is what the upgrade delivers. Monitor Salt logs for unusual activity or errors related to YAML processing. After upgrading, verify the installed version on every Salt host rather than testing with a live payload; no public proof-of-concept exists, and feeding hostile YAML to production automation hosts is not a sensible verification step.
Upgrade Salt to version 3006.17 or later, or to version 3007.9 or later, whichever applies to your Salt branch. This corrects the unsafe YAML deserialization vulnerability in the junos module.
CVE-2025-62348 is a remote code execution vulnerability in Salt's junos execution module, allowing attackers to execute arbitrary code through crafted YAML payloads.
You are affected if you run a Salt release from 3006.0 up to, but not including, 3006.17 on the 3006 branch or 3007.9 on the 3007 branch, and you use the junos execution module.
Upgrade Salt to 3006.17 or later (3006 branch) or 3007.9 or later (3007 branch) to remediate the vulnerability. If an immediate upgrade is not possible, isolate vulnerable systems and keep untrusted YAML away from the junos module.
As of the current date, there are no confirmed reports of active exploitation, but the vulnerability's severity warrants immediate attention.
Refer to the official Salt security advisory for detailed information and updates: [https://www.saltproject.io/blog/2026/01/30/salt-security-advisory-cve-2025-62348/](https://www.saltproject.io/blog/2026/01/30/salt-security-advisory-cve-2025-62348/)