High severity7.8NVD Advisory· Published Jan 30, 2026· Updated Apr 15, 2026
CVE-2025-62348
CVE-2025-62348
Description
Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
saltPyPI | < 3006.17 | 3006.17 |
Affected products
1- Package: https://pypi.org/project/salt
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-77w2-v593-vxvvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-62348ghsaADVISORY
- docs.saltproject.io/en/latest/topics/releases/3006.17.htmlnvdWEB
- github.com/saltstack/salt/issues/68469ghsaWEB
- github.com/saltstack/salt/pull/68472/commits/c17fd645edef208233dcac855615fced69409a00ghsaWEB
News mentions
0No linked articles in our index yet.