CVE-2025-43904

Publication date 16 January 2026

Last updated 21 January 2026

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

4.2 · Medium

Score breakdown

Description

In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator.

Status

Package Ubuntu Release Status
slurm-wlm 25.10 questing
Not affected
25.04 plucky Ignored end of life, was needed
24.10 oracular Ignored end of life, was needs-triage
24.04 LTS noble
Vulnerable
22.04 LTS jammy
Vulnerable

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
slurm-wlm

Severity score breakdown

Parameter Value
Base score 4.2 · Medium
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality Low
Integrity impact Low
Availability impact None
Vector CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

References

Other references