CVE-2025-62349 — Vulnetix

CVE-2025-62349 PUBLISHED CVSS 6.199999809265137 MEDIUM

Salt Authentication Protocol Version Downgrade Allows Minion Impersonation

EPSS 0.02% · 5.1th percentile

Risk Scores

CVSS 3.1

6.199999809265137

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L

EPSS Score

0.02%

5.1th percentile

Affected Products

Vendor	Product	Versions
Salt Project	Salt	3007.4, 3006.12, 3007.4
PyPI	salt	3006.12, 3007.4, 3006.12

Exploit Intelligence

Salt 3006.17 release notes (fix and minimum_auth_version) (circl)
Salt 3007.9 release notes (fix and minimum_auth_version) (circl)
Minions.js (github-poc)
Minions.js (github-poc)
Minions.js (github-poc)
Minions.js (github-poc)
Minions.js (github-poc)
Minions.js (github-poc)
Minions.js (github-poc)
Minions.js (github-poc)

Timeline

Jan 30, 2026 CVE Published
Jan 31, 2026 EPSS Score
Feb 1, 2026 CVE Updated
Feb 2, 2026 EPSS Score
Feb 5, 2026 EPSS Score
Feb 7, 2026 EPSS Score
Feb 10, 2026 EPSS Score
Feb 12, 2026 EPSS Score
Feb 14, 2026 EPSS Score
Feb 17, 2026 EPSS Score
Feb 19, 2026 EPSS Score
Feb 21, 2026 EPSS Score

References

Salt 3006.17 release notes (fix and minimum_auth_version) vendor-advisory
Salt 3007.9 release notes (fix and minimum_auth_version) vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-62349 advisory
https://github.com/saltstack/salt/issues/68467 url
https://github.com/saltstack/salt/commit/3d5708acae16d039a1e2b5529c8e14a0d3255611 url
https://github.com/saltstack/salt package

Open in Interactive Console →

$ Console Community · 100/wk Open console ›