CVE-2025-62349 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-62349 PUBLISHED CVSS 6.199999809265137 MEDIUM

Salt Authentication Protocol Version Downgrade Allows Minion Impersonation

EPSS 0.03% · 8.5th percentile

Risk Scores

CVSS v3.1

6.199999809265137

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L

EPSS Score

0.03%

8.5th percentile

Affected Products

Vendor	Product	Versions
Salt Project	Salt	3006.12, 3007.4
PyPI	salt	3006.12, 3007.4

Timeline

Jan 30, 2026 CVE Published
Jan 31, 2026 EPSS Score
Feb 1, 2026 CVE Updated
Feb 2, 2026 EPSS Score
Feb 4, 2026 EPSS Score
Feb 5, 2026 EPSS Score
Feb 7, 2026 EPSS Score
Feb 9, 2026 EPSS Score
Feb 11, 2026 EPSS Score
Feb 13, 2026 EPSS Score
Feb 15, 2026 EPSS Score
Feb 16, 2026 EPSS Score

References

Salt 3006.17 release notes (fix and minimum_auth_version) vendor-advisory
Salt 3007.9 release notes (fix and minimum_auth_version) vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-62349 advisory
https://github.com/saltstack/salt/issues/68467 url
https://github.com/saltstack/salt/commit/3d5708acae16d039a1e2b5529c8e14a0d3255611 url
https://github.com/saltstack/salt package

Open in Interactive Console →