CVE-2025-40760

Summary

A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected products do not properly handle error messages and discloses sensitive password hash information when processing user authentication requests. This could allow a local attacker to extract password hashes for privileged accounts, which can then be subjected to offline brute-force attacks.

Affected Software

VendorProductVersion RangeStatus
SiemensAltair Grid Engine0 < V2026.0.0affected

Weaknesses

  • CWE-209: CWE-209: Generation of Error Message Containing Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References