CVE-2025-43904

In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator.

CVSS v3 4.2 MEDIUM

4.2^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://lists.schedmd.com/mailman3/hyperkitty/list/slurm-announce@lists.schedmd.com/message/B73QHKW6TKE2T5KDWVPIWNE5H4KWX667/
https://www.schedmd.com/security-policy/

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) En SchedMD Slurm antes de 24.11.5, 24.05.8 y 23.11.11, el sistema de contabilidad puede permitir a un Coordinador promover a un usuario a Administrador.

16 Jan 2026, 18:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-16 18:16

Updated : 2026-04-15 00:35

NVD link : CVE-2025-43904

Mitre link : CVE-2025-43904

CVE.ORG link : CVE-2025-43904

JSON object : View

Products Affected

No product.

CWE

CWE-863

Incorrect Authorization

4.2 /10