Remote Code Execution Vulnerability in Microsoft High Performance Compute Pack
CVE-2025-21198

9CRITICAL

Key Information:

Vendor: Microsoft
Status: Microsoft HPc Pack 2019; Microsoft HPc Pack 2016
Vendor: CVE Published:; 11 February 2025

Summary

The vulnerability in the Microsoft High Performance Compute (HPC) Pack allows an attacker to execute arbitrary code on the affected system. By exploiting this flaw, attackers can potentially gain full control over the system, access sensitive data, and disrupt services. It is crucial for users of Microsoft HPC Pack to implement available security updates and best practices to mitigate the risks posed by this vulnerability.

Affected Version(s)

Microsoft HPC Pack 2016 Unknown 1.0.0 < 2016.3

Microsoft HPC Pack 2019 Unknown 1.0.0 < 6.3.8328.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Dec 5, 2024