How to fix CVE-2024-38825?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Audit authentication configurations.

Is Ubuntu affected by CVE-2024-38825?

CVE-2024-38825 presents moderate security risk, a improper authentication vulnerability rated CVSS 6.4. This could allow unauthorized access to protected resources. Organizations should apply vendor updates when available and monitor for exploitation.

CVE-2024-38825

EUVD-2024-54683 MEDIUM

2025-06-13 [email protected]

GHSA-4j59-vv55-q6h3

6.4

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 14, 2026 - 21:34 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 21:34 euvd

EUVD-2024-54683

CVE Published

Jun 13, 2025 - 07:15 nvd

MEDIUM 6.4

Description

The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication attempt to be accepted.

Analysis

Technical Context

An authentication bypass vulnerability allows attackers to circumvent login mechanisms and gain unauthorized access without valid credentials. This vulnerability is classified as Improper Authentication (CWE-287).

Remediation

Implement robust authentication mechanisms. Use multi-factor authentication. Review authentication logic for bypass conditions. Remove default credentials.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +32

POC: 0

Vendor Status

Ubuntu

Priority: Medium

salt

Release	Status	Version
trusty	needs-triage	-
xenial	needs-triage	-
bionic	needs-triage	-
jammy	needs-triage	-
noble	DNE	-
oracular	DNE	-
plucky	DNE	-
upstream	needs-triage	-
questing	DNE	-

Debian

salt

Release	Status	Fixed Version	Urgency
(unstable)	fixed	(unfixed)	-

CVE-2024-38825 vulnerability details – vuln.today

Back

CVE-2024-38825

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

CVE-2024-38825

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code