CVE-2025-62348 - Vulnerability Details - OpenCVE

Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

No data.

References

Link	Providers
https://docs.saltproject.io/en/latest/topics/releases/3006.17.html

History

Fri, 30 Jan 2026 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 30 Jan 2026 19:15:00 +0000

Type	Values Removed	Values Added
Description		Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process.
Title		Salt junos module uses an unsafe YAML loader which may allow unintended code execution
Weaknesses		CWE-94
References		https://docs.saltproject.io/en/latest/topics/releases/3006.17.html
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}` cvssV4_0 `{'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2026-01-30T18:57:52.056Z

Updated: 2026-01-30T19:30:20.366Z

Reserved: 2025-10-10T10:06:33.841Z

Link: CVE-2025-62348

Vulnrichment

Updated: 2026-01-30T19:30:17.029Z

NVD

Status : Received

Published: 2026-01-30T19:16:10.860

Modified: 2026-01-30T19:16:10.860

Link: CVE-2025-62348

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-62348", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2025-10-10T10:06:33.841Z", "datePublished": "2026-01-30T18:57:52.056Z", "dateUpdated": "2026-01-30T19:30:20.366Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://saltproject.io/", "defaultStatus": "unaffected", "packageName": "salt", "product": "Salt", "vendor": "Salt Project", "versions": [{"lessThan": "3006.17", "status": "affected", "version": "3006.0", "versionType": "semver"}]}, {"collectionURL": "https://saltproject.io/", "defaultStatus": "unaffected", "packageName": "salt", "product": "Salt", "vendor": "Salt Project", "versions": [{"lessThan": "3007.9", "status": "affected", "version": "3007.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Amr Kadry"}], "datePublic": "2025-11-20T05:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process.</p>"}], "value": "Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 7.3, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2026-01-30T18:57:52.056Z"}, "references": [{"name": "Salt 3006.17 release notes (fix for CVE-2025-62348)", "tags": ["release-notes", "vendor-advisory"], "url": "https://docs.saltproject.io/en/latest/topics/releases/3006.17.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Upgrade Salt to a release that includes the Junos module YAML loader fix (e.g., Salt 3006.17 or later for the 3006 LTS line). For distro-packaged builds, install the vendor-provided fixed package version (for example Alpine salt-lts 3006.17-r0 or higher).</p>"}], "value": "Upgrade Salt to a release that includes the Junos module YAML loader fix (e.g., Salt 3006.17 or later for the 3006 LTS line). For distro-packaged builds, install the vendor-provided fixed package version (for example Alpine salt-lts 3006.17-r0 or higher)."}], "source": {"discovery": "UNKNOWN"}, "title": "Salt junos module uses an unsafe YAML loader which may allow unintended code execution", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>If upgrading immediately is not possible, reduce exposure by restricting which users/automation can invoke junos execution module functions and by limiting access to any YAML inputs used by the junos module. Prefer trusted sources only for YAML content.</p>"}], "value": "If upgrading immediately is not possible, reduce exposure by restricting which users/automation can invoke junos execution module functions and by limiting access to any YAML inputs used by the junos module. Prefer trusted sources only for YAML content."}], "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-30T19:30:12.432275Z", "id": "CVE-2025-62348", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-30T19:30:20.366Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-62348", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-30T19:30:12.432275Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-30T19:30:17.029Z"}}], "cna": {"title": "Salt junos module uses an unsafe YAML loader which may allow unintended code execution", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "Amr Kadry"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.3, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Salt Project", "product": "Salt", "versions": [{"status": "affected", "version": "3006.0", "lessThan": "3006.17", "versionType": "semver"}], "packageName": "salt", "collectionURL": "https://saltproject.io/", "defaultStatus": "unaffected"}, {"vendor": "Salt Project", "product": "Salt", "versions": [{"status": "affected", "version": "3007.0", "lessThan": "3007.9", "versionType": "semver"}], "packageName": "salt", "collectionURL": "https://saltproject.io/", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade Salt to a release that includes the Junos module YAML loader fix (e.g., Salt 3006.17 or later for the 3006 LTS line). For distro-packaged builds, install the vendor-provided fixed package version (for example Alpine salt-lts 3006.17-r0 or higher).", "supportingMedia": [{"type": "text/html", "value": "<p>Upgrade Salt to a release that includes the Junos module YAML loader fix (e.g., Salt 3006.17 or later for the 3006 LTS line). For distro-packaged builds, install the vendor-provided fixed package version (for example Alpine salt-lts 3006.17-r0 or higher).</p>", "base64": false}]}], "datePublic": "2025-11-20T05:00:00.000Z", "references": [{"url": "https://docs.saltproject.io/en/latest/topics/releases/3006.17.html", "name": "Salt 3006.17 release notes (fix for CVE-2025-62348)", "tags": ["release-notes", "vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "If upgrading immediately is not possible, reduce exposure by restricting which users/automation can invoke junos execution module functions and by limiting access to any YAML inputs used by the junos module. Prefer trusted sources only for YAML content.", "supportingMedia": [{"type": "text/html", "value": "<p>If upgrading immediately is not possible, reduce exposure by restricting which users/automation can invoke junos execution module functions and by limiting access to any YAML inputs used by the junos module. Prefer trusted sources only for YAML content.</p>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process.", "supportingMedia": [{"type": "text/html", "value": "<p>Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2026-01-30T18:57:52.056Z"}}}, "cveMetadata": {"cveId": "CVE-2025-62348", "state": "PUBLISHED", "dateUpdated": "2026-01-30T19:30:20.366Z", "dateReserved": "2025-10-10T10:06:33.841Z", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "datePublished": "2026-01-30T18:57:52.056Z", "assignerShortName": "vmware"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process."}], "id": "CVE-2025-62348", "lastModified": "2026-01-30T19:16:10.860", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security@vmware.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2026-01-30T19:16:10.860", "references": [{"source": "security@vmware.com", "url": "https://docs.saltproject.io/en/latest/topics/releases/3006.17.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "security@vmware.com", "type": "Secondary"}]}