How to fix CVE-2025-62349?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Audit authentication configurations.

Is Suse affected by CVE-2025-62349?

Organizations using Salt should be aware of moderate risk from CVE-2025-62349, a improper authentication vulnerability rated CVSS 6.2. This could allow unauthorized access to protected resources. Organizations should apply vendor updates when available and monitor for exploitation.

CVE-2025-62349

MEDIUM

2026-01-30 [email protected]

GHSA-vcf3-26xf-fw4m

6.2

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 22:00 vuln.today

CVE Published

Jan 30, 2026 - 19:16 nvd

MEDIUM 6.2

Description

Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections introduced in response to prior issues.

Analysis

Technical Context

Classified as CWE-287 (Improper Authentication). Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections introduced in response to prior issues.

Affected Products

Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features

Remediation

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +31

POC: 0

Vendor Status

CVE-2025-62349 vulnerability details – vuln.today

Back

CVE-2025-62349

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

CVE-2025-62349

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

External POC / Exploit Code