#VU103801 Missing Authentication for Critical Function in Microsoft HPC Pack - CVE-2025-21198


Vulnerability identifier: #VU103801

Vulnerability risk: Medium

CVSSv4.0: 2.5 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U/U:Green]

CVE-ID: CVE-2025-21198

CWE-ID: CWE-306

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Microsoft HPC Pack
Other software / Other software solutions

Vendor: Microsoft

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to missing authentication for a critical function in Microsoft High Performance Compute (HPC) Pack. A remote user on the local network can execute arbitrary code on the system.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Microsoft HPC Pack: 2016 - 2019


External links
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21198


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

