Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-22238

Summary
Assigner-vmware
Assigner Org ID-dcf2e128-44bd-42ed-91e8-88f912c1401d
Published At-13 Jun, 2025 | 06:58
Updated At-13 Jun, 2025 | 13:55
Rejected At-
Credits

CVE-2025-22238 salt advisory

Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:vmware
Assigner Org ID:dcf2e128-44bd-42ed-91e8-88f912c1401d
Published At:13 Jun, 2025 | 06:58
Updated At:13 Jun, 2025 | 13:55
Rejected At:
▼CVE Numbering Authority (CNA)
CVE-2025-22238 salt advisory

Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory.

Affected Products
Vendor
VMware (Broadcom Inc.)VMware
Product
SALT
Package Name
Salt
Default Status
unaffected
Versions
Affected
  • From 3006.x before 3006.12 (lts)
  • From 3007.x before 3007.4 (sts)
Metrics
VersionBase scoreBase severityVector
3.14.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
Version: 3.1
Base score: 4.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://docs.saltproject.io/en/3006/topics/releases/3006.12.html
N/A
https://docs.saltproject.io/en/3007/topics/releases/3007.4.html
N/A
Hyperlink: https://docs.saltproject.io/en/3006/topics/releases/3006.12.html
Resource: N/A
Hyperlink: https://docs.saltproject.io/en/3007/topics/releases/3007.4.html
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-22CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Type: CWE
CWE ID: CWE-22
Description: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@vmware.com
Published At:13 Jun, 2025 | 07:15
Updated At:16 Jun, 2025 | 12:32

Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 4.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-22Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-22
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://docs.saltproject.io/en/3006/topics/releases/3006.12.htmlsecurity@vmware.com
N/A
https://docs.saltproject.io/en/3007/topics/releases/3007.4.htmlsecurity@vmware.com
N/A
Hyperlink: https://docs.saltproject.io/en/3006/topics/releases/3006.12.html
Source: security@vmware.com
Resource: N/A
Hyperlink: https://docs.saltproject.io/en/3007/topics/releases/3007.4.html
Source: security@vmware.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

7Records found
CVE-2025-41229
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-8.2||HIGH
EPSS-0.92% / 75.06%
||
7 Day CHG~0.00%
Published-20 May, 2025 | 12:53
Updated-24 Jun, 2025 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
VMware Cloud Foundation Directory Traversal Vulnerability

VMware Cloud Foundation contains a directory traversal vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to access certain internal services.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-Cloud Foundation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-22240
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-6.3||MEDIUM
EPSS-0.02% / 3.48%
||
7 Day CHG~0.00%
Published-13 Jun, 2025 | 07:03
Updated-16 Jun, 2025 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2025-22240 salt advisory

Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgt_env” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-SALT
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-22241
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-5.6||MEDIUM
EPSS-0.06% / 17.78%
||
7 Day CHG+0.01%
Published-13 Jun, 2025 | 07:04
Updated-17 Jun, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2025-22241 salt advisory

File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location and is present in the default configuration.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-SALT
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-41242
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-5.9||MEDIUM
EPSS-0.05% / 14.15%
||
7 Day CHG+0.01%
Published-18 Aug, 2025 | 08:47
Updated-25 Aug, 2025 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2025-41242: Path traversal vulnerability on non-compliant Servlet containers

Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. An application can be vulnerable when all the following are true: * the application is deployed as a WAR or with an embedded Servlet container * the Servlet container does not reject suspicious sequences https://jakarta.ee/specifications/servlet/6.1/jakarta-servlet-spec-6.1.html#uri-path-canonicalization * the application serves static resources https://docs.spring.io/spring-framework/reference/web/webmvc/mvc-config/static-resources.html#page-title  with Spring resource handling We have verified that applications deployed on Apache Tomcat or Eclipse Jetty are not vulnerable, as long as default security features are not disabled in the configuration. Because we cannot check exploits against all Servlet containers and configuration variants, we strongly recommend upgrading your application.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-Spring Framework
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-22232
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-7.7||HIGH
EPSS-0.32% / 54.73%
||
7 Day CHG~0.00%
Published-27 Jun, 2024 | 06:54
Updated-05 Nov, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Specially crafted url can be created which leads to a directory traversal in the salt file server

A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-Salt Project
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-22231
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-5||MEDIUM
EPSS-0.50% / 64.83%
||
7 Day CHG~0.00%
Published-27 Jun, 2024 | 06:51
Updated-30 Oct, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Syndic cache directory creation is vulnerable to a directory traversal attack

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-Salt Project
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-38824
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-9.6||CRITICAL
EPSS-0.13% / 33.28%
||
7 Day CHG+0.02%
Published-13 Jun, 2025 | 07:10
Updated-10 Jul, 2025 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2024-38824 salt advisory

Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.

Action-Not Available
Vendor-saltstackVMware (Broadcom Inc.)
Product-saltSALT
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Details not found