PT-2025-46540 · Altair · Altair Grid Engine
Published
2025-11-11
·
Updated
2025-11-11
·
CVE-2025-40763
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Altair Grid Engine versions prior to 2026.0.0
Description
The software does not properly validate environment variables when loading shared libraries, which can allow for path hijacking through malicious library substitution. A local attacker could potentially execute arbitrary code with superuser privileges by manipulating the environment variable and placing a malicious library in a controlled path.
Recommendations
Update to version 2026.0.0 or later.
Fix
LPE
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Altair Grid Engine