
CVE-2022-22935: Low-Severity Vulnerability in SaltStack Salt

A low-severity vulnerability has been identified in SaltStack Salt, impacting versions prior to 3002.8, 3003.4, and 3004.1. This vulnerability allows a MiTM attacker to cause denial of service by impersonating a master. Immediate remediation is advised.

LOW · CVSS 3.7 · Published March 29, 2022


An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, and 3004.1. This vulnerability allows a MiTM attacker to cause a denial of service by impersonating a master, which can force a minion process to stop. The severity of this vulnerability is classified as low, with a CVSS score of 3.7. Although the impact on availability is low, organizations should still be aware of the potential risks.

Risk to organizations includes potential downtime of minion processes, which could disrupt services reliant on SaltStack. Attack complexity is high, but the attack requires no privileges and no user interaction, so it remains a notable concern for defenders despite the low severity.

Organizations should prioritize patching immediately, as the lack of a public exploit does not eliminate the risk of attack. Awareness and proactive measures are necessary to mitigate the potential for exploitation.

The publication date of this vulnerability is March 29, 2022, and it has since been modified. Security teams should remain vigilant and monitor for any updates regarding this vulnerability.

This vulnerability is classified under CWE-287, which indicates issues related to authentication. Organizations using the affected versions of SaltStack Salt should take immediate action to address this vulnerability.

The CVSS vector string for this vulnerability is 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L', indicating a network attack vector with high complexity and low impact on availability.

In light of these details, it is crucial for organizations utilizing SaltStack to ensure they are operating versions 3002.8, 3003.4, 3004.1, or later to avoid this vulnerability.
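A per-branch minion version audit against the fixed releases this advisory lists (3002.8, 3003.4, 3004.1), as an added example that is not AppSecure's or the Salt project's code. The inventory, minion IDs and function names are constructed for illustration. The check is per branch because a single "newer than 3002.8" comparison would wrongly pass 3003.0 to 3003.3 and 3004.

```python
import re

# Fixed point release per branch, as listed in the advisory.
FIXED = {3002: 8, 3003: 4, 3004: 1}
OLDEST, NEWEST = min(FIXED), max(FIXED)

# Constructed sample inventory (hypothetical minion IDs and versions).
SAMPLE = {
    "web01": "3004", "web02": "3004.1", "db01": "3003.3", "db02": "3002.8",
    "cache01": "3001.7", "edge01": "3005.1", "lab01": "unknown",
}


def parse_version(text):
    """Return (branch, point) from strings such as '3004.1' or '3003'."""
    m = re.match(r"\s*v?(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised Salt version: {text!r}")
    return int(m.group(1)), int(m.group(2) or 0)


def is_affected(text):
    """True if the version predates the fix for its own branch."""
    branch, point = parse_version(text)
    if branch < OLDEST:
        return True   # everything before 3002.8 is affected
    if branch > NEWEST:
        return False  # assumption: branches after 3004 carry the fix
    return point < FIXED[branch]


def audit(inventory):
    """Map each minion needing attention to a remediation hint."""
    findings = {}
    for minion, version in sorted(inventory.items()):
        try:
            if not is_affected(version):
                continue
        except ValueError:
            findings[minion] = "unparseable version, check manually"
            continue
        target = max(parse_version(version)[0], OLDEST)
        findings[minion] = f"{version} -> upgrade to {target}.{FIXED[target]} or later"
    return findings


if __name__ == "__main__":
    for minion, hint in audit(SAMPLE).items():
        print(f"{minion}: {hint}")
```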

For more information on vulnerability management and security assessments, organizations can explore resources like the application security assessment to enhance their protective measures.

In conclusion, while the immediate threat level may be low, organizations should not underestimate the potential impact and should act swiftly to mitigate any risks associated with CVE-2022-22935.

Security teams are encouraged to remain informed and prepared for any developments related to this vulnerability.

Organizations should validate remediation through penetration testing to identify similar weaknesses.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
