CVE-2025-21198

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-21198
Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability

9.0 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21198 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microsoft:hpc_pack_2016:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:hpc_pack_2019:*:*:*:*:*:*:*:*
History

17 Jun 2026, 08:42

Type Values Removed Values Added
First Time Microsoft hpc Pack 2016
Microsoft hpc Pack 2019
Microsoft
CPE cpe:2.3:a:microsoft:hpc_pack_2016:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:hpc_pack_2019:*:*:*:*:*:*:*:*
Summary
  • (es) Vulnerabilidad de ejecución remota de código en el paquete de computación de alto rendimiento (HPC) de Microsoft
References () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21198 - () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21198 - Patch, Vendor Advisory
CWE NVD-CWE-noinfo

11 Feb 2025, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-02-11 18:15

Updated : 2026-06-17 08:42

NVD link : CVE-2025-21198

Mitre link : CVE-2025-21198

CVE.ORG link : CVE-2025-21198

JSON object : View

Products Affected

microsoft

  • hpc_pack_2016
  • hpc_pack_2019
CWE
CWE-306

Missing Authentication for Critical Function

NVD-CWE-noinfo