CVE-2025-43904 MEDIUM

CVE-2025-43904

Vendor Schedmd
Product Slurm
Weakness CWE-863 · Incorrect authorization
Published January 16, 2026
Last update January 20, 2026

CVSS base score

4.2/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator.

Key dates

02Disclosure timeline

January 16, 2026 CVE published
January 20, 2026 Record updated