Path Hijacking Vulnerability in Altair Grid Engine by Siemens
CVE-2025-40763

8.5HIGH

Key Information:

Vendor: Siemens
Status: Altair Grid Engine
Vendor: CVE Published:; 11 November 2025

What is CVE-2025-40763?

A significant vulnerability has been identified in Altair Grid Engine that affects all versions prior to V2026.0.0. The flaw arises from improper validation of environment variables during the loading of shared libraries. This oversight enables malicious actors to perform path hijacking by substituting libraries with their own malicious versions. Consequently, a local attacker could exploit this vulnerability to execute arbitrary code with elevated superuser privileges by manipulating the environment variables and placing a rogue library in the controlled path.

Affected Version(s)

Altair Grid Engine 0

References

https://cert-portal.siemens.com/productcert/html/ssa-5148...

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Apr 16, 2025

JSON