CVE-2025-43904 in Slurm
Summary
by MITRE • 01/16/2026
In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator.
Analysis
by VulDB Data Team • 01/16/2026
CVE-2025-43904 affects the SchedMD Slurm workload manager and job scheduler, specifically the privilege checks in its accounting subsystem. A user holding Coordinator privileges can raise their own access level to Administrator, a significant flaw in the system's access-control implementation. The weakness is present in all Slurm releases before 24.11.5, 24.05.8 and 23.11.11, so it existed in the codebase for an extended period.
The flaw stems from inadequate privilege validation in the accounting system's user-management functions. When a Coordinator performs administrative operations through the accounting subsystem, the system does not properly verify that the requesting user holds the required authorization level. A lower-privileged user can therefore use these functions to gain elevated rights: the access-control checks that should have stopped a Coordinator from executing commands reserved for Administrators are insufficient.
The operational impact is substantial for organizations that rely on Slurm for cluster management and job scheduling. A malicious or compromised Coordinator could gain full administrative control of the Slurm environment, potentially leading to unauthorized resource allocation, job manipulation, data theft or broader system compromise. With Administrator rights the attacker could modify critical system configuration, read sensitive user data and disrupt cluster operations. The vulnerability directly undermines the principle of least privilege and could enable lateral movement in clusters where Slurm is the central management component.
Organizations should immediately upgrade to a patched release where available, specifically 24.11.5, 24.05.8 or 23.11.11 or later. System administrators should also add access controls and monitoring to detect unauthorized privilege-escalation attempts. The vulnerability is classified as CWE-284 (Improper Access Control) and maps to ATT&CK technique T1078 (Valid Accounts) for privilege escalation. Security teams should audit Slurm configurations and user privilege assignments to ensure that Coordinator accounts hold no unnecessary elevated capabilities that could be exploited through similar vectors.
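The two practical checks the analysis calls for, a version check against the fixed releases and an audit of which accounts hold Administrator level versus Coordinator status, can be scripted. The following is an added example and is not SchedMD's code nor part of the VulDB entry. It assumes that `sacctmgr -V` prints a line such as `slurm 24.11.4` and that `sacctmgr -P show user withcoord format=user,adminlevel,coordinators` prints a pipe-separated table with a header row (verify the exact invocation and column names against `man sacctmgr` on your release; the parser matches headers loosely for that reason). The sample table and version string embedded below are constructed; the fixed versions come from the advisory. Releases newer than the 24.11 branch are assumed to include the fix.

```python
"""Audit helper for CVE-2025-43904 (Slurm accounting: Coordinator -> Administrator).

Added example, not SchedMD's code. Checks the running Slurm version against the
fixed releases named in the advisory and lists accounts that hold Administrator
level, flagging those that are also coordinators (the pattern an abuse of this
flaw would leave behind) and those missing from an approved-admin baseline.
"""
import re
import subprocess

# Fixed versions from the advisory, keyed by release branch (major, minor).
FIXED = {(23, 11): 11, (24, 5): 8, (24, 11): 5}

# Constructed sample of `sacctmgr -P show user withcoord ...` output.
# Real column headers may differ; the parser normalises them (see _col).
SAMPLE_USERS = """\
User|Admin|Coord Accounts
root|Administrator|
alice|None|proj1
bob|Administrator|proj2
carol|Operator|
"""


def parse_version(text):
    """'slurm 24.11.4' -> (24, 11, 4). Raises ValueError if no version is found."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"cannot find a version in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """True if the version is below the fixed release of its branch.
    Branches older than 23.11 are treated as affected (they predate every fix);
    branches newer than 24.11 are assumed to ship the fix (assumption)."""
    major, minor, patch = version
    branch = (major, minor)
    if branch in FIXED:
        return patch < FIXED[branch]
    return branch < (23, 11)


def parse_sacctmgr_p(text):
    """Parse `sacctmgr -P` output: a '|'-separated header line followed by one
    record per line. Header names are lowercased with spaces removed, so
    'Coord Accounts' becomes 'coordaccounts' and 'Admin' becomes 'admin'."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines:
        return []
    header = [h.strip().lower().replace(" ", "") for h in lines[0].split("|")]
    return [dict(zip(header, [f.strip() for f in ln.split("|")])) for ln in lines[1:]]


def _col(row, *names):
    """Return the first present column among candidate header names ('' if none)."""
    for n in names:
        if n in row:
            return row[n]
    return ""


def audit_users(rows, approved_admins):
    """Classify accounts. Returns the Administrator set, the coordinator set,
    admins who are also coordinators, and admins absent from the baseline."""
    admins, coords = set(), set()
    for row in rows:
        user = _col(row, "user")
        level = _col(row, "admin", "adminlevel").lower()
        coord = _col(row, "coordaccounts", "coordinators")
        if level in ("administrator", "admin"):
            admins.add(user)
        if coord:
            coords.add(user)
    return {
        "admins": admins,
        "coordinators": coords,
        "coordinator_admins": admins & coords,
        "unapproved_admins": admins - set(approved_admins),
    }


def _run(cmd):
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    try:
        version_text = _run(["sacctmgr", "-V"])
        users_text = _run(["sacctmgr", "-P", "show", "user", "withcoord",
                           "format=user,adminlevel,coordinators"])
    except (FileNotFoundError, subprocess.CalledProcessError):
        # No Slurm here: fall back to the constructed sample so the script still runs.
        version_text, users_text = "slurm 24.11.4", SAMPLE_USERS
    ver = parse_version(version_text)
    print(f"slurm {'.'.join(map(str, ver))}: "
          f"{'AFFECTED by CVE-2025-43904' if is_affected(ver) else 'patched branch'}")
    report = audit_users(parse_sacctmgr_p(users_text), approved_admins=["root"])
    for key in ("admins", "coordinators", "coordinator_admins", "unapproved_admins"):
        print(f"{key:20s} {sorted(report[key])}")
```

Run it on a login node with the accounting client installed, or anywhere else to see the constructed sample. The `approved_admins` baseline is the list your team expects; anything in `unapproved_admins` or `coordinator_admins` is worth an explanation, and scheduling the script and diffing its output over time gives the monitoring for new Administrator grants that the analysis recommends.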