CVE-2025-43904

Summary

In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator.

Affected Software

VendorProductVersion RangeStatus
SchedMDSlurm0 < 23.11.11affected
SchedMDSlurm24 < 24.05.8affected
SchedMDSlurm24.06 < 24.11.5affected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References