Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-38825

Summary
Assigner-vmware
Assigner Org ID-dcf2e128-44bd-42ed-91e8-88f912c1401d
Published At-13 Jun, 2025 | 06:46
Updated At-13 Jun, 2025 | 14:01
Rejected At-
Credits

CVE-2024-38825 Salt Advisory

The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication attempt to be accepted.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:vmware
Assigner Org ID:dcf2e128-44bd-42ed-91e8-88f912c1401d
Published At:13 Jun, 2025 | 06:46
Updated At:13 Jun, 2025 | 14:01
Rejected At:
▼CVE Numbering Authority (CNA)
CVE-2024-38825 Salt Advisory

The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication attempt to be accepted.

Affected Products
Vendor
VMware (Broadcom Inc.)VMware
Product
SALT
Package Name
Salt
Default Status
unaffected
Versions
Affected
  • From 3006.x before 3006.12 (lts)
  • From 3007.x before 3007.4 (sts)
Metrics
VersionBase scoreBase severityVector
3.16.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Version: 3.1
Base score: 6.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://docs.saltproject.io/en/3006/topics/releases/3006.12.html
N/A
https://docs.saltproject.io/en/3007/topics/releases/3007.4.html
N/A
Hyperlink: https://docs.saltproject.io/en/3006/topics/releases/3006.12.html
Resource: N/A
Hyperlink: https://docs.saltproject.io/en/3007/topics/releases/3007.4.html
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-287CWE-287 Improper Authentication
Type: CWE
CWE ID: CWE-287
Description: CWE-287 Improper Authentication
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@vmware.com
Published At:13 Jun, 2025 | 07:15
Updated At:16 Jun, 2025 | 12:32

The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication attempt to be accepted.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 6.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-287Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-287
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://docs.saltproject.io/en/3006/topics/releases/3006.12.htmlsecurity@vmware.com
N/A
https://docs.saltproject.io/en/3007/topics/releases/3007.4.htmlsecurity@vmware.com
N/A
Hyperlink: https://docs.saltproject.io/en/3006/topics/releases/3006.12.html
Source: security@vmware.com
Resource: N/A
Hyperlink: https://docs.saltproject.io/en/3007/topics/releases/3007.4.html
Source: security@vmware.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2024-38832
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-7.1||HIGH
EPSS-0.58% / 67.98%
||
7 Day CHG+0.06%
Published-26 Nov, 2024 | 11:51
Updated-14 May, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored cross-site scripting vulnerability (CVE-2024-38832)

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-cloud_foundationaria_operationsVMware Aria Operations
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-38822
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-2.7||LOW
EPSS-0.05% / 15.06%
||
7 Day CHG~0.00%
Published-13 Jun, 2025 | 06:40
Updated-16 Jun, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2024-38822 Salt Advisory

Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-SALT
CWE ID-CWE-287
Improper Authentication
CVE-2025-22236
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-8.1||HIGH
EPSS-0.03% / 5.00%
||
7 Day CHG~0.00%
Published-13 Jun, 2025 | 06:53
Updated-16 Jun, 2025 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2025-22236 salt advisory

Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions (>= 3007.0).

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-SALT
CWE ID-CWE-287
Improper Authentication
CVE-2023-20867
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-3.9||LOW
EPSS-1.05% / 76.64%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 16:47
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-07-14||Apply updates per vendor instructions.
VMware Tools Authentication Bypass Vulnerability

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

Action-Not Available
Vendor-Debian GNU/LinuxVMware (Broadcom Inc.)Fedora Project
Product-fedoradebian_linuxtoolsVMware ToolsTools
CWE ID-CWE-287
Improper Authentication
CVE-2024-22245
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-9.6||CRITICAL
EPSS-0.94% / 75.28%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 17:35
Updated-27 Aug, 2024 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary Authentication Relay Vulnerability in Deprecated EAP Browser Plugin

Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs).

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-VMware Enhanced Authentication Plug-in (EAP)enhanced_authentication_plugin
CWE ID-CWE-287
Improper Authentication
CVE-2018-6960
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-8.8||HIGH
EPSS-4.52% / 88.71%
||
7 Day CHG~0.00%
Published-20 Apr, 2018 | 13:00
Updated-16 Sep, 2024 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-horizon_daasHorizon DaaS
CWE ID-CWE-287
Improper Authentication
Details not found