PyPI: salt

CVE-2025-22237

Safety vulnerability ID: SFTY-20250620-48483

Safety legacy ID: pyup.io-77732

Created at: May 22, 2026
Updated at: May 22, 2026

Overview

Salt's on-demand pillar functionality is vulnerable to arbitrary command injection.

Advisory

Affected versions of salt are vulnerable to command injection because the on-demand pillar functionality does not sufficiently validate its input. When the master dynamically fetches external pillar data to serve an on-demand pillar request, it does not properly sanitize the Git URL supplied by the minion, so a crafted URL leads to arbitrary command execution on the Salt Master. The only precondition is possession of a minion key: a compromised minion, or anyone who has obtained its key, can send an on-demand pillar request whose Git URL carries a command-injection payload, and the master executes that payload while processing the request. The trust boundary crossed is minion to master, so a single compromised minion is enough to take over the master.
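The class of bug described above, as an added example: this is not Salt's code and makes no claim about how the real flaw was implemented or fixed. It shows a hypothetical master-side helper that receives a Git URL from a minion request, rejects anything that is not a plain URL on an allowlisted host, and invokes git with an argument vector rather than a shell command line. The helper names, the allowlisted hosts and the sample URLs are assumptions constructed for the example.

```python
import re
import subprocess
from typing import Dict, List, Union
from urllib.parse import urlsplit

# Transports we expect for pillar repositories. An allowlist also excludes
# git's ``ext::`` remote helper, whose "URL" is a command to run.
ALLOWED_SCHEMES = {"https", "ssh", "git"}
# Hosts this master is willing to fetch pillar data from (assumed for the example).
ALLOWED_HOSTS = {"git.example.internal", "github.com"}
_USER_RE = re.compile(r"^[A-Za-z0-9._-]+$")
_PATH_RE = re.compile(r"^/[A-Za-z0-9._~/-]*$")
# Characters a shell or git would interpret; whitespace, control and non-ASCII
# bytes are rejected separately by the printable-ASCII check below.
_FORBIDDEN = set(";|&$`<>'\"\\(){}")


class UnsafeGitURL(ValueError):
    """Raised when a minion-supplied Git URL fails validation."""


def validate_git_url(url: str) -> str:
    """Return ``url`` unchanged if it is a plain scheme://[user@]host[:port]/path
    Git URL on an allowlisted host; otherwise raise UnsafeGitURL.

    The goal is rejection, not sanitising: a URL that needs cleaning up did not
    come from a legitimate pillar configuration. scp-style ``git@host:path``
    is deliberately not accepted by this example.
    """
    if not isinstance(url, str) or not url or len(url) > 2048:
        raise UnsafeGitURL("bad type or length")
    if url[0] == "-":
        # git would parse this as an option (e.g. --upload-pack=<program>).
        raise UnsafeGitURL("URL looks like a command-line option")
    if any(not 0x21 <= ord(c) <= 0x7E or c in _FORBIDDEN for c in url):
        raise UnsafeGitURL("control, space, non-ASCII or shell metacharacter in URL")
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeGitURL(f"scheme {parts.scheme!r} not allowed")
    if parts.password is not None or parts.query or parts.fragment:
        raise UnsafeGitURL("embedded password, query or fragment not allowed")
    if parts.username is not None and not _USER_RE.match(parts.username):
        raise UnsafeGitURL("unexpected characters in user name")
    try:
        _ = parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError as exc:
        raise UnsafeGitURL("invalid port") from exc
    if parts.hostname not in ALLOWED_HOSTS:
        raise UnsafeGitURL(f"host {parts.hostname!r} not allowed")
    if not _PATH_RE.match(parts.path):
        raise UnsafeGitURL("unexpected characters in repository path")
    return url


def is_safe_git_url(url: str) -> bool:
    """Boolean wrapper around validate_git_url for callers that only branch."""
    try:
        validate_git_url(url)
    except UnsafeGitURL:
        return False
    return True


def build_ls_remote_argv(url: str) -> List[str]:
    """Argument vector for a read-only probe of the remote. The validated URL
    follows ``--`` so git cannot mistake it for an option, and the list form
    means subprocess passes it as exactly one argument with no shell involved."""
    return ["git", "ls-remote", "--", validate_git_url(url)]


def probe_remote(url: str, timeout: float = 30.0) -> str:
    """Execute the probe with shell=False (the default when argv is a list)."""
    proc = subprocess.run(build_ls_remote_argv(url), capture_output=True,
                          text=True, check=True, timeout=timeout)
    return proc.stdout


def unsafe_command_line(url: str) -> str:
    """The pattern that turns a URL into a command-injection vector. Passed to
    ``subprocess.run(..., shell=True)``, a URL such as ``https://h/r.git;id``
    makes the shell run ``id`` on the master. Shown for contrast only."""
    return "git ls-remote " + url


# Constructed sample of URLs a master might receive in on-demand pillar requests.
SAMPLE_URLS = [
    "https://github.com/saltstack/salt.git",
    "ssh://git@git.example.internal/pillar/base.git",
    "https://github.com/saltstack/salt.git;id",   # shell command separator
    "https://github.com/saltstack/$(id)",         # command substitution
    "--upload-pack=id",                           # option injection into git
    "ext::sh -c id",                              # ext transport: URL is a command
    "https://evil.example/pillar.git",            # host not allowlisted
]


def triage(urls: List[str]) -> Dict[str, Union[bool, str]]:
    """Map each URL to True if accepted, or to the rejection reason."""
    result: Dict[str, Union[bool, str]] = {}
    for u in urls:
        try:
            validate_git_url(u)
            result[u] = True
        except UnsafeGitURL as exc:
            result[u] = str(exc)
    return result


if __name__ == "__main__":
    for url, verdict in triage(SAMPLE_URLS).items():
        print(f"{url!r}: {'accepted' if verdict is True else 'rejected: ' + verdict}")
```

The allowlist does the real work: the metacharacter check stops shell injection, the leading-dash check and the `--` separator stop git option injection, and the scheme and host allowlist stops transports such as `ext::` whose URL is itself a command to execute. Running git through `shell=True` with an interpolated string would undo all of it, which is why `probe_remote` only ever passes a list.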

Affected Package

Affected salt package versions:
>=3006.0rc1,<3006.12
>=3007.0rc1,<3007.4

Also affects

---

How to Fix

Upgrade salt to 3006.12 (3006.x series) or 3007.4 (3007.x series), or any later release.
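An added example (not from this page or from Salt) that turns the version ranges and the fix above into a check a practitioner can run against `salt --version` output: a sort key that handles the `rc` suffix so `3006.0rc1` sorts below `3006.0`, a range test over exactly the two ranges listed, and the fixed release for the affected series. The shape of the report line is an assumption; only the version token in it is parsed.

```python
import re
from typing import Optional

# Half-open ranges copied from the advisory: [lower inclusive, upper exclusive).
AFFECTED_RANGES = [("3006.0rc1", "3006.12"), ("3007.0rc1", "3007.4")]
FIXED_VERSIONS = ["3006.12", "3007.4"]

_SALT_VER_RE = re.compile(r"^(\d{4})\.(\d+)(?:rc(\d+))?$")
# Finds the version token inside a line such as "salt-master 3006.9 (Sulfur)".
# The surrounding text is an assumed format; only the token is used.
_TOKEN_RE = re.compile(r"\b\d{4}\.\d+(?:rc\d+)?\b")


def version_key(version: str) -> tuple:
    """Sort key for Salt's YYYY.N[rcM] scheme.

    A release candidate sorts below the final release of the same number:
    (3006, 0, 0, 1) for 3006.0rc1 is less than (3006, 0, 1, 0) for 3006.0.
    Anything else (for example the pre-3000 2019.2.x scheme) is rejected.
    """
    m = _SALT_VER_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised salt version {version!r}")
    major, minor, rc = m.groups()
    if rc is None:
        return (int(major), int(minor), 1, 0)
    return (int(major), int(minor), 0, int(rc))


def is_affected(version: str) -> bool:
    """True if ``version`` lies in one of the advisory's ranges.

    A version outside both ranges returns False only because the page lists
    no other range; this says nothing about series the page does not mention.
    """
    key = version_key(version)
    return any(version_key(lo) <= key < version_key(hi) for lo, hi in AFFECTED_RANGES)


def recommended_fix(version: str) -> Optional[str]:
    """Fixed release in the same YYYY series, or None when not affected."""
    if not is_affected(version):
        return None
    series = version_key(version)[0]
    for fixed in FIXED_VERSIONS:
        if version_key(fixed)[0] == series:
            return fixed
    return None


def version_from_report(line: str) -> str:
    """Pull the version token out of a ``salt --version``-style line."""
    m = _TOKEN_RE.search(line)
    if not m:
        raise ValueError(f"no salt version found in {line!r}")
    return m.group(0)


if __name__ == "__main__":
    # Constructed sample lines, not captured from a real host.
    for line in ["salt-master 3006.9 (Sulfur)", "salt 3007.4", "salt 3006.0rc1"]:
        v = version_from_report(line)
        print(f"{v}: affected={is_affected(v)} fix={recommended_fix(v)}")
```

The tuple key is the point: comparing `"3006.0rc1"` and `"3006.0"` as strings or as floats gets the lower bound of each range wrong, and a naive `split(".")` turns `"0rc1"` into something `int()` will not accept.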

Mitigation and Workarounds

---

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.