CVE-2025-62348
HIGHSalt < 3006.17, 3006.0-3006.16, 3007.0-3007.8 - Remote Code Execution via Unsafe YAML Decode in junos Execution Module
Title source: llmDescription
Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process.
References (1)
Core 1
Core References
Release Notes release-notes
vendor-advisory
https://docs.saltproject.io/en/latest/topics/releases/3006.17.html
Scores
CVSS v3
7.8
EPSS
0.0001
EPSS Percentile
0.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-94
Status
published
Products (3)
pypi/salt
0 - 3006.17PyPI
Salt Project/Salt
3006.0 - 3006.17
Salt Project/Salt
3007.0 - 3007.9
Published
Jan 30, 2026
Tracked Since
Feb 18, 2026