CVE-2025-22238

| EUVD-2025-18252 MEDIUM
2025-06-13 [email protected] GHSA-r546-h3ff-q585
4.2
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

4
Patch Released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 14, 2026 - 21:34 vuln.today
EUVD ID Assigned
Mar 14, 2026 - 21:34 euvd
EUVD-2025-18252
CVE Published
Jun 13, 2025 - 07:15 nvd
MEDIUM 4.2

Tags

Path Traversal Debian Ubuntu Suse

Description

Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory.

Analysis

Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory.

Technical Context

Path traversal allows an attacker to access files outside the intended directory by manipulating file paths with sequences like '../'.

Remediation

Validate and sanitize file path inputs. Use a whitelist of allowed files or directories. Implement chroot jails or containerization.

Priority Score

21
Low Medium High Critical
KEV: 0
EPSS: +0.2
CVSS: +21
POC: 0

Vendor Status

Ubuntu

Priority: Medium
salt
Release Status Version
trusty needs-triage -
xenial needs-triage -
bionic needs-triage -
jammy needs-triage -
noble DNE -
oracular DNE -
plucky DNE -
upstream needs-triage -
questing DNE -

Debian

salt
Release Status Fixed Version Urgency
(unstable) fixed (unfixed) -

Share

CVE-2025-22238 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy