CVE-2025-22237

{"id": "CVE-2025-22237", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@vmware.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2025-06-13T07:15:21.010", "references": [{"url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html", "source": "security@vmware.com"}, {"url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html", "source": "security@vmware.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process."}, {"lang": "es", "value": "Un atacante con acceso a una clave de subordinado puede explotar la funcionalidad del pilar \"a pedido\" con una URL git especialmente manipulada que podr\u00eda hacer que se ejecute un comando arbitrario en el maestro con los mismos privilegios que el proceso maestro."}], "lastModified": "2025-06-16T12:32:18.840", "sourceIdentifier": "security@vmware.com"}