What is CVE-2025-62349?

CVE-2025-62349 is a medium-severity vulnerability in Salt Project, classified under Improper Authentication. CVSS score: 6.2/10. Published 2026-01-30.

How severe is CVE-2025-62349?

Medium severity. CVSS v3 base score is 6.2 out of 10.

Auth bypass in Salt Project

CVE-2025-62349

Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventin…

Vulnerability class: Broken Authentication

EPSS: 0.000 (5.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.2 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L.

Affected products

Salt Project — versions 3006.12, 3007.4

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

Salt 3006.17 release notes (fix and minimum_auth_version) (release-notes, vendor-advisory)
Salt 3007.9 release notes (fix and minimum_auth_version) (release-notes, vendor-advisory)

Frequently asked questions

What is CVE-2025-62349?: CVE-2025-62349 is a medium-severity vulnerability in Salt Project, classified under Improper Authentication. CVSS score: 6.2/10. Published 2026-01-30.
How severe is CVE-2025-62349?: Medium severity. CVSS v3 base score is 6.2 out of 10.