CVE-2025-22237

Published: Jun 13, 2025
Updated: Jun 30, 2025
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-22237" target="_blank" rel="noopener"> CVE-2025-22237
GHSA: <a href="https://github.com/advisories/GHSA-fcr4-h6c4-rvvp" target="_blank" rel="noopener"> GHSA-fcr4-h6c4-rvvp
Severity: Medium
Exploit:

An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process.