{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-22242", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2025-01-02T04:30:06.833Z", "datePublished": "2025-06-13T07:08:12.518Z", "dateUpdated": "2025-06-17T17:25:29.513Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "Salt", "product": "SALT", "vendor": "VMware", "versions": [{"lessThan": "3006.12", "status": "affected", "version": "3006.x", "versionType": "lts"}, {"lessThan": "3007.4", "status": "affected", "version": "3007.x", "versionType": "sts"}]}], "datePublic": "2025-06-12T07:33:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Worker process denial of service through file read operation. .A vulnerability exists in the Master's \u201cpub_ret\u201d method which is exposed to all minions. The un-sanitized input value \u201cjid\u201d is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by attempting to read from a filename that will not return any data, e.g. by targeting a pipe node on the proc file system.<br><br></p>"}], "value": "Worker process denial of service through file read operation. .A vulnerability exists in the Master's \u201cpub_ret\u201d method which is exposed to all minions. The un-sanitized input value \u201cjid\u201d is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by attempting to read from a filename that will not return any data, e.g. by targeting a pipe node on the proc file system."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2025-06-13T07:08:12.518Z"}, "references": [{"url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html"}, {"url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html"}], "source": {"discovery": "UNKNOWN"}, "title": "CVE-2025-22242 salt advisory", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-400", "lang": "en", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-13T15:23:55.859324Z", "id": "CVE-2025-22242", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T17:25:29.513Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-22242", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-13T15:23:55.859324Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-13T15:24:01.021Z"}}], "cna": {"title": "CVE-2025-22242 salt advisory", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "VMware", "product": "SALT", "versions": [{"status": "affected", "version": "3006.x", "lessThan": "3006.12", "versionType": "lts"}, {"status": "affected", "version": "3007.x", "lessThan": "3007.4", "versionType": "sts"}], "packageName": "Salt", "defaultStatus": "unaffected"}], "datePublic": "2025-06-12T07:33:00.000Z", "references": [{"url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html"}, {"url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Worker process denial of service through file read operation. .A vulnerability exists in the Master's \u201cpub_ret\u201d method which is exposed to all minions. The un-sanitized input value \u201cjid\u201d is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by attempting to read from a filename that will not return any data, e.g. by targeting a pipe node on the proc file system.", "supportingMedia": [{"type": "text/html", "value": "<p>Worker process denial of service through file read operation. .A vulnerability exists in the Master's \u201cpub_ret\u201d method which is exposed to all minions. The un-sanitized input value \u201cjid\u201d is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by attempting to read from a filename that will not return any data, e.g. by targeting a pipe node on the proc file system.<br><br></p>", "base64": false}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2025-06-13T07:08:12.518Z"}}}, "cveMetadata": {"cveId": "CVE-2025-22242", "state": "PUBLISHED", "dateUpdated": "2025-06-17T17:25:29.513Z", "dateReserved": "2025-01-02T04:30:06.833Z", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "datePublished": "2025-06-13T07:08:12.518Z", "assignerShortName": "vmware"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Worker process denial of service through file read operation. .A vulnerability exists in the Master's \u201cpub_ret\u201d method which is exposed to all minions. The un-sanitized input value \u201cjid\u201d is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by attempting to read from a filename that will not return any data, e.g. by targeting a pipe node on the proc file system."}, {"lang": "es", "value": "Denegaci\u00f3n de servicio del proceso de trabajo mediante la operaci\u00f3n de lectura de archivos. Existe una vulnerabilidad en el m\u00e9todo \"pub_ret\" del maestro, que est\u00e1 expuesta a todos los minions. El valor de entrada \"jid\", sin depurar, se utiliza para construir una ruta que posteriormente se abre para lectura. Un atacante podr\u00eda explotar esta vulnerabilidad intentando leer un nombre de archivo que no devuelva datos, por ejemplo, atacando un nodo de canalizaci\u00f3n en el sistema de archivos proc."}], "id": "CVE-2025-22242", "lastModified": "2025-06-17T18:15:25.180", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.3, "impactScore": 5.2, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2025-06-13T07:15:21.710", "references": [{"source": "security@vmware.com", "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html"}, {"source": "security@vmware.com", "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}