CVE-2025-43904: Incorrect Authorization in Slurm

Severity: 4.2 MEDIUM (NVD)
EPSS: 0.0% (top 99.34%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 16

Description

In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Exploitability: 1.6 | Impact: 2.5

Affected Packages (1 package)

CVEListV5: schedmd/slurm 2424.05.8 +2

🔴 Vulnerability Details (3)

OSV
CVE-2025-43904: In SchedMD Slurm before 24 (2026-01-16)
GHSA
GHSA-2778-hrgh-cpxw: In SchedMD Slurm before 24 (2026-01-16)
CVEList
CVE-2025-43904: In SchedMD Slurm before 24 (2026-01-16)

📋 Vendor Advisories (2)

Debian
CVE-2025-43904: slurm-wlm - In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system ca... (2025)
Microsoft
drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing (2024-08-13)

🕵️ Threat Intelligence (1)

Wiz
CVE-2025-43904 Impact, Exploitability, and Mitigation Steps | Wiz