CVE-2025-43904
📋 TL;DR
This vulnerability in SchedMD Slurm allows a Coordinator user to escalate privileges to Administrator level through the accounting system. It affects Slurm clusters running vulnerable versions where Coordinator roles are configured. This could lead to unauthorized administrative access within the Slurm environment.
💻 Affected Systems
- SchedMD Slurm
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
A malicious Coordinator could gain full administrative control over the Slurm cluster, allowing them to modify job queues, access sensitive user data, disrupt cluster operations, or create persistent backdoors.
Likely Case
Accidental or intentional privilege escalation where a Coordinator gains administrative capabilities they shouldn't have, potentially leading to configuration changes or unauthorized access to other users' jobs and data.
If Mitigated
Limited impact if proper role separation and monitoring are in place, with regular audits of administrative actions and Coordinator activities.
🎯 Exploit Status
Exploitation requires existing Coordinator privileges. The vulnerability is in the accounting system's permission validation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 24.11.5, 24.05.8, or 23.11.11 depending on your branch
Vendor Advisory: https://lists.schedmd.com/mailman3/hyperkitty/list/slurm-announce@lists.schedmd.com/message/B73QHKW6TKE2T5KDWVPIWNE5H4KWX667/
Restart Required: Yes
Instructions:
1. Identify your Slurm version branch (23.11.x, 24.05.x, or 24.11.x).
2. Upgrade to the patched version for your branch.
3. Restart the Slurm daemons.
4. Verify the fix by checking the version and testing Coordinator permissions.
🔧 Temporary Workarounds
Restrict Coordinator Access
Temporarily remove or restrict Coordinator privileges until patching can be completed:
# Coordinator assignments live in the accounting database (slurmdbd) and are managed with sacctmgr
# List users together with the accounts they coordinate
sacctmgr show user withcoord
# Remove a user's Coordinator role on a given account
sacctmgr remove coordinator account=<account> names=<username>
Enhanced Monitoring
Implement additional logging and monitoring for Coordinator activities:
# Enable detailed accounting logging
# Set AccountingStorageEnforce=associations,qos in slurm.conf
# Monitor sacctmgr command usage, and review the changes recorded in the accounting database:
sacctmgr show transactions
🧯 If You Can't Patch
- Implement strict role-based access control and regularly audit Coordinator activities
- Use network segmentation to isolate Slurm management interfaces from regular users
🔍 How to Verify
Check if Vulnerable:
Check the Slurm version with 'slurmd -V' or 'scontrol show config | grep -i version'. If your version is older than the patched release for its branch (24.11.5, 24.05.8, or 23.11.11), you are vulnerable.
Check Version:
slurmd -V
Verify Fix Applied:
After patching, verify version shows patched version and test that Coordinators cannot promote users to Administrator via accounting functions.
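As an added example (not from this advisory page or from SchedMD), a POSIX shell check that maps a 'slurmd -V' or 'scontrol show config' version string onto the three patched releases listed in the fix section; branches the advisory does not name are reported as "verify manually" rather than guessed.

```shell
#!/bin/sh
# Added example, not from the advisory or from SchedMD: decide whether a Slurm
# version string is at or past the patched release for its branch.
# Exit status: 0 = patched, 1 = vulnerable, 2 = branch not covered here
# (consult the vendor advisory instead of guessing).

# Extract "X.Y.Z" from "slurm 24.05.3" or "SLURM_VERSION = 24.05.3".
slurm_version_number() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

slurm_cve_2025_43904_status() {
    v=$(slurm_version_number "$1")
    [ -n "$v" ] || return 2
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    # Patched releases from the fix section: 24.11.5, 24.05.8, 23.11.11.
    case "$major.$minor" in
        24.11) fixed=5 ;;
        24.05) fixed=8 ;;
        23.11) fixed=11 ;;
        *)     return 2 ;;
    esac
    [ "$patch" -ge "$fixed" ] && return 0
    return 1
}

# Run against the local installation, trying slurmd first, then scontrol.
check_installed_slurm() {
    ver=$(slurmd -V 2>/dev/null) || ver=$(scontrol show config 2>/dev/null | grep -i slurm_version)
    rc=0
    slurm_cve_2025_43904_status "$ver" || rc=$?
    case "$rc" in
        0) echo "patched: $ver" ;;
        1) echo "VULNERABLE (CVE-2025-43904): $ver" ;;
        *) echo "branch not covered by this check, verify manually: $ver" ;;
    esac
    return "$rc"
}
```

Run check_installed_slurm on each node that carries a Slurm binary; a non-zero status makes it usable from configuration-management or fleet checks.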
📡 Detection & Monitoring
Log Indicators:
- Unusual privilege escalation attempts in Slurm accounting logs
- Coordinator users performing administrative actions
- Changes to user roles or permissions from Coordinator accounts
Network Indicators:
- Unexpected administrative commands from Coordinator IP addresses
SIEM Query:
source="slurm*" AND ("coordinator" AND ("admin" OR "privilege" OR "escalation"))