CVE-2025-43904: CWE-863 Incorrect Authorization in SchedMD Slurm
CVE-2025-43904 is a medium-severity vulnerability in SchedMD Slurm's accounting system that allows a Coordinator-level user to promote themselves or others to Administrator without proper authorization. This incorrect authorization flaw affects versions prior to 24.11.5, 24.05.8, and 23.11.11. Exploiting this vulnerability requires network access and low privileges but no user interaction. The impact includes unauthorized privilege escalation leading to potential confidentiality and integrity breaches within HPC cluster environments.
AI Analysis
Technical Summary
CVE-2025-43904 is an authorization vulnerability classified under CWE-863 found in the accounting system of SchedMD Slurm, a widely used open-source workload manager for high-performance computing (HPC) clusters. The flaw exists in versions before 24.11.5, 24.05.8, and 23.11.11, where a user with Coordinator-level privileges can improperly escalate their permissions to Administrator level. This occurs because the system does not adequately verify whether a Coordinator is authorized to perform user promotion actions, allowing privilege escalation within the cluster management environment. The vulnerability is exploitable remotely over the network (AV:N) but requires low privileges (PR:L) and no user interaction (UI:N). The attack complexity is high (AC:H), indicating some non-trivial conditions must be met to exploit it. The impact primarily affects confidentiality and integrity, as unauthorized administrators can access sensitive job data, modify configurations, or disrupt accounting records, but it does not affect availability. No patches or exploits are currently publicly available, but the flaw poses a risk to HPC environments relying on Slurm for resource scheduling and accounting. The vulnerability highlights the need for strict role-based access control enforcement in cluster management systems.
Potential Impact
For European organizations operating HPC clusters with Slurm, this vulnerability could lead to unauthorized administrative access, allowing attackers to manipulate job scheduling, access sensitive computational data, or alter accounting records. This could compromise research confidentiality, data integrity, and trust in computational results. While availability is not directly impacted, the integrity and confidentiality breaches could disrupt scientific workflows and lead to intellectual property theft or sabotage. Organizations in academia, research institutions, and industries relying on HPC for simulations, data analysis, or modeling are particularly vulnerable. The medium CVSS score reflects a moderate risk, but the potential for insider threats or compromised Coordinator accounts elevates the concern. Without proper mitigation, attackers could leverage this flaw to gain persistent elevated privileges, complicating incident response and recovery.
Mitigation Recommendations
1. Upgrade Slurm to versions 24.11.5, 24.05.8, or 23.11.11 or later where the vulnerability is fixed.
2. Until patching is possible, restrict Coordinator privileges strictly and audit Coordinator actions regularly to detect unauthorized promotions.
3. Implement network segmentation and access controls to limit which users can reach the Slurm accounting system interfaces.
4. Employ multi-factor authentication for Coordinator and Administrator accounts to reduce the risk of credential compromise.
5. Monitor Slurm logs for unusual privilege escalation attempts or changes in user roles.
6. Review and tighten role-based access control policies within Slurm configurations to ensure least privilege principles.
7. Educate HPC cluster administrators about the risk and signs of exploitation to enable rapid detection and response.
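Recommendations 2 and 5 call for auditing who holds elevated rights in Slurm accounting and catching role changes. The script below is an added example, not code from this advisory or from SchedMD: it parses the pipe-separated, headerless output of `sacctmgr -P -n show user format=user,adminlevel`, flags users whose AdminLevel exceeds an approved roster, and diffs two snapshots to surface promotions. The roster and both snapshots are constructed samples.

```python
"""Audit Slurm AdminLevel grants: flag unapproved elevation and role changes.

Added example, not from the advisory or SchedMD. Assumes the pipe-separated,
headerless output of `sacctmgr -P -n show user format=user,adminlevel`; the
snapshots below are constructed samples, not output from a real cluster.
"""
import subprocess

# AdminLevel values as sacctmgr prints them, ordered by privilege.
RANK = {"None": 0, "Operator": 1, "Administrator": 2}
# Constructed approved roster: anyone absent is expected to hold "None".
APPROVED = {"root": "Administrator", "slurmadmin": "Administrator", "ops1": "Operator"}

# Constructed samples: yesterday's baseline and today's listing.
BASELINE = "root|Administrator\nslurmadmin|Administrator\nops1|Operator\nalice|None\nbob|None\n"
LATEST = "root|Administrator\nslurmadmin|Administrator\nops1|Operator\nalice|None\nbob|Administrator\n"


def parse_admin_levels(text):
    """Map user -> AdminLevel from parsable sacctmgr output; skips blank or malformed lines."""
    levels = {}
    for line in text.splitlines():
        parts = line.strip().split("|")
        if len(parts) >= 2 and parts[0]:
            levels[parts[0]] = parts[1]
    return levels


def unapproved(levels, approved=APPROVED):
    """Users holding a level above what the approved roster grants them (default None)."""
    return sorted(u for u, lvl in levels.items()
                  if RANK.get(lvl, 0) > RANK.get(approved.get(u, "None"), 0))


def escalations(previous, current):
    """Users whose AdminLevel rose between two snapshots, as (user, old, new)."""
    return sorted((u, previous.get(u, "None"), lvl) for u, lvl in current.items()
                  if RANK.get(lvl, 0) > RANK.get(previous.get(u, "None"), 0))


def live_admin_levels():
    """Query a real slurmdbd; needs sacctmgr on PATH and accounting read access."""
    cmd = ["sacctmgr", "-P", "-n", "show", "user", "format=user,adminlevel"]
    return parse_admin_levels(subprocess.run(cmd, check=True, capture_output=True, text=True).stdout)


if __name__ == "__main__":
    cur = parse_admin_levels(LATEST)
    for user in unapproved(cur):
        print(f"ALERT unapproved AdminLevel={cur[user]} for {user}")
    for user, old, new in escalations(parse_admin_levels(BASELINE), cur):
        print(f"ALERT AdminLevel changed for {user}: {old} -> {new}")
```

Run it from cron, replacing the constructed snapshots with `live_admin_levels()` and a stored copy of the previous run, and forward any ALERT line to the same channel that receives slurmdbd log alerts.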
Affected Countries
Germany, France, United Kingdom, Netherlands, Switzerland, Italy, Spain, Sweden, Finland, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-04-19T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 696a7e2cb22c7ad868c7aa07
Added to database: 1/16/2026, 6:06:36 PM
Last enriched: 1/16/2026, 6:20:54 PM
Last updated: 1/16/2026, 8:42:05 PM