Salt Authentication Protocol Version Downgrade Allows Minion Impersonation

GHSA-vcf3-26xf-fw4m · CVE-2025-62349

Published Jan 30, 2026 · Modified Feb 3, 2026

Description

Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections introduced in response to prior issues.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-62349
WEB https://github.com/saltstack/salt/issues/68467
WEB https://github.com/saltstack/salt/commit/3d5708acae16d039a1e2b5529c8e14a0d3255611
WEB https://docs.saltproject.io/en/latest/topics/releases/3006.17.html
WEB https://docs.saltproject.io/en/latest/topics/releases/3007.9.html
PACKAGE https://github.com/saltstack/salt

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes