diff --git a/SaltStack/CVE-2021-25282/CVE-2021-25282.gif b/SaltStack/CVE-2021-25282/CVE-2021-25282.gif
new file mode 100644
index 0000000..20ec991
Binary files /dev/null and b/SaltStack/CVE-2021-25282/CVE-2021-25282.gif differ
diff --git a/SaltStack/CVE-2021-25282/README.md b/SaltStack/CVE-2021-25282/README.md
new file mode 100644
index 0000000..58f295c
--- /dev/null
+++ b/SaltStack/CVE-2021-25282/README.md
@@ -0,0 +1,9 @@
+# SaltStack pillar_roots.write File Write (CVE-2021-25282)
+
+An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.
+
+**FOFA query rule**: [app="SALTSTACK-产品"](https://fofa.so/result?qbase64=YXBwPSJTQUxUU1RBQ0st5Lqn5ZOBIg%3D%3D)
+
+# Demo
+
+![](CVE-2021-25282.gif)
\ No newline at end of file