VYPR
Medium severity6.3GHSA Advisory· Published Jun 13, 2025· Updated Jun 17, 2026

CVE-2025-22240

CVE-2025-22240

Description

Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgt_env” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
saltPyPI
>= 3007.0rc1, < 3007.43007.4
saltPyPI
>= 3006.0rc1, < 3006.123006.12

Affected products

49

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.