CVE-2025-66433Incorrect Authorization in Htcondor

CWE-863Incorrect Authorization5 documents5 sources
Severity
4.2MEDIUMNVD
EPSS
0.0%
top 94.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Wisc Htcondor
Timeline
PublishedNov 30

Description

HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on the local machine by submitting a batch job. This is fixed in 24.12.14, 25.0.3, and 25.3.1. The earliest affected version is 24.7.3.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:NExploitability: 1.1 | Impact: 2.7

Affected Packages1 packages

CVEListV5wisc/htcondor24.7.324.12.14+2

🔴Vulnerability Details

3
CVEList
CVE-2025-66433: HTCondor Access Point before 252025-11-30
GHSA
GHSA-7cjv-vw69-7fxx: HTCondor Access Point before 252025-11-30
OSV
CVE-2025-66433: HTCondor Access Point before 252025-11-30

📋Vendor Advisories

1
Debian
CVE-2025-66433: condor - HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate ...2025
CVE-2025-66433 — Incorrect Authorization in Htcondor | cvebase