How the CVE Works:
The vulnerability in Salt’s `salt.auth.pki` module stems from improper caller authentication. The module validates the “password” field as a public certificate against a CA certificate but fails to verify whether the caller possesses the corresponding private key. This flaw allows attackers to bypass PKI authentication by submitting a valid public certificate without demonstrating private key ownership, effectively granting unauthorized access.
DailyCVE Form:
Platform: SaltStack
Version: >=3006.0rc1, <3006.12 | >=3007.0rc1, <3007.4
Vulnerability: Authentication Bypass
Severity: Moderate
Date: Jun 13, 2025
Prediction: Patch by Jul 15, 2025
What Undercode Say:
```bash
# Check Salt version
salt --versions-report

# Verify PKI auth logs
grep "pki" /var/log/salt/master
```
How Exploit:
An attacker crafts a request with a valid public certificate in the “password” field, bypassing private key validation.
Protection from this CVE:
Upgrade to Salt 3006.12 or 3007.4.
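To decide which masters need the upgrade, the version ranges listed above can be checked mechanically. The following is an added example, not code from the advisory or from the Salt project: the function names are hypothetical, the sample report and master config are constructed, and the `external_auth` scan is a line-based heuristic rather than a YAML parser.

```python
import re

# Affected ranges exactly as listed on this page: [first affected, first fixed)
AFFECTED = [("3006.0rc1", "3006.12"), ("3007.0rc1", "3007.4")]
_VER = re.compile(r"^(\d+)\.(\d+)(?:rc(\d+))?")

def parse_version(text):
    """Sortable tuple; a release candidate sorts before its final release."""
    m = _VER.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Salt version: {text!r}")
    major, minor, rc = m.groups()
    # third field: 0 = release candidate, 1 = final, so 3006.0rc1 < 3006.0
    return (int(major), int(minor), 0 if rc else 1, int(rc or 0))

def is_affected(version):
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in AFFECTED)

def version_from_report(report):
    """Pull the Salt version out of `salt --versions-report` output."""
    m = re.search(r"^\s*Salt:\s*(\S+)", report, re.MULTILINE)
    return m.group(1) if m else None

def pki_eauth_enabled(config_text):
    """Heuristic line scan (not a YAML parser): is `pki` nested under external_auth?"""
    inside, base = False, 0
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        if inside and indent <= base:
            inside = False  # left the external_auth block
        if inside and line.strip() == "pki:":
            return True
        if line.strip() == "external_auth:":
            inside, base = True, indent
    return False

# Constructed sample inputs (not taken from a real system)
SAMPLE_REPORT = "Salt Version:\n          Salt: 3006.9\n\nPython Version:\n        Python: 3.10.14\n"
SAMPLE_MASTER = "external_auth:\n  pki:\n    ca_file: /etc/pki/tls/ca_certs/trusted-ca.crt\n    deploy_user:\n      - test.*\n"

if __name__ == "__main__":
    ver = version_from_report(SAMPLE_REPORT)
    print(ver, "affected:", is_affected(ver), "pki eauth:", pki_eauth_enabled(SAMPLE_MASTER))
```

A master that is both in an affected range and has `pki` under `external_auth` is the one to upgrade first.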
Impact:
Unauthorized access to SaltStack services.
Sources:
Reported By: github.com