CVE-2025-62348
Published: 30 January 2026
Summary
CVE-2025-62348 is a high-severity Code Injection (CWE-94) vulnerability in Saltproject (inferred from references). Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 0.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-62348 affects Salt's junos execution module, which contains unsafe YAML decode/load usage. A specially crafted YAML payload processed by the module can lead to unintended code execution under the context of the Salt process. This vulnerability, published on 2026-01-30, carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-94 (code injection).
An attacker with local access and low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows arbitrary code execution in the context of the Salt process, potentially compromising confidentiality, integrity, and availability with high impact within the unchanged scope.
The Salt project advisory at https://docs.saltproject.io/en/latest/topics/releases/3006.17.html provides details on mitigation, including patches addressing this issue.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-206569
Vulnerability details
Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unsafe YAML deserialization in Salt enables local low-priv arbitrary Python code execution (CWE-94), directly mapping to privilege escalation via exploitation and Python interpreter abuse.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly addresses the vulnerability by requiring timely patching of the unsafe YAML decode/load in Salt's junos module as provided in the vendor advisory.
Mandates validation of YAML inputs to the junos module, blocking specially crafted payloads that enable code injection and execution.
Enforces least functionality by disabling or restricting the unnecessary junos execution module, preventing exploitation of its unsafe YAML processing.