{"id":"GHSA-xh32-3m67-qjgf","summary":"Salt allows arbitrary directory creation or file deletion","details":"Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgt_env” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to.","aliases":["CVE-2025-22240"],"modified":"2025-06-13T22:27:16.181167Z","published":"2025-06-13T09:30:33Z","database_specific":{"severity":"MODERATE","github_reviewed_at":"2025-06-13T21:54:24Z","nvd_published_at":"2025-06-13T07:15:21Z","cwe_ids":["CWE-22"],"github_reviewed":true},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-22240"},{"type":"WEB","url":"https://github.com/saltstack/salt/commit/f7c28ffbf18dbf693a15b1ba9493918de3e88cf3"},{"type":"WEB","url":"https://docs.saltproject.io/en/3006/topics/releases/3006.12.html"},{"type":"WEB","url":"https://docs.saltproject.io/en/3007/topics/releases/3007.4.html"},{"type":"PACKAGE","url":"https://github.com/saltstack/salt"}],"affected":[{"package":{"name":"salt","ecosystem":"PyPI","purl":"pkg:pypi/salt"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3007.0rc1"},{"fixed":"3007.4"}]}],"versions":["3007.0","3007.0rc1","3007.1","3007.2","3007.3"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-xh32-3m67-qjgf/GHSA-xh32-3m67-qjgf.json"}},{"package":{"name":"salt","ecosystem":"PyPI","purl":"pkg:pypi/salt"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3006.0rc1"},{"fixed":"3006.12"}]}],"versions":["3006.0","3006.0rc1","3006.0rc2","3006.0rc3","3006.1","3006.10","3006.11","3006.2","3006.3","3006.4","3006.5","3006.6","3006.7","3006.8","3006.9"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-xh32-3m67-qjgf/GHSA-xh32-3m67-qjgf.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H"}]}