VMware SaltStack Arbitrary Command Execution Vulnerability via On-Demand Pillar Functionality

Vulnerability

A vulnerability exists in VMware SaltStack that allows an attacker with access to a minion key to exploit the 'on demand' pillar functionality. By using a specially crafted Git URL, the attacker can execute arbitrary commands on the Salt master with the same privileges as the master process. This issue is present in Salt versions 3006.12 and 3007.0 through 3007.4.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of commands on the Salt master, potentially allowing for privilege escalation or other malicious actions, depending on the commands executed.

Added: Jun 13, 2025, 7:37 AM

Updated: Jun 13, 2025, 7:37 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.2

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.2

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

VMware SaltStack Arbitrary Command Execution Vulnerability via On-Demand Pillar Functionality

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating