PT-2025-47604 · Unknown · Open Ondemand
Published 2025-11-20 · Updated 2025-11-21
CVE-2025-62724 · CVSS v3.1 base score 4.3 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Open OnDemand 4.x versions prior to 4.0.8
Open OnDemand 3.x versions prior to 3.1.16
Description
Open OnDemand is an open-source HPC portal. When a file browser allowlist (OOD ALLOWLIST) is configured, the zip download feature is subject to a Time of Check to Time of Use (TOCTOU) race: a path is validated against the allowlist at one moment and the file is read at a later one, so a path whose target changes in between (for example, a regular file or directory replaced by a symbolic link) can cause files outside the allowlist to be read. Only installations that use file browser allowlists are affected. UNIX file permissions still apply to every file accessed, so the issue can only expose files the user is already permitted to read; this is why the impact is limited to confidentiality (C:L).
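The race described above, shown as an added, constructed example rather than Open OnDemand's own code: a check-then-use allowlist read beside an open-then-check version, exercised by two attacker scenarios (a file swapped for a symlink, and a parent directory swapped for a symlink). The module, method and file names and both scenarios are assumptions made for the illustration and do not reproduce the actual OOD zip download code path.

```ruby
require "tmpdir"
require "fileutils"

# Constructed illustration of the check-then-use race; not Open OnDemand's code.
# Module, method and file names are assumptions made for this example.
module AllowlistDemo
  class NotAllowed < StandardError; end

  # An allowlist entry matches a resolved path that is the entry itself or lives
  # beneath it (the trailing "/" stops /data/allowedx from matching /data/allowed).
  def self.allowed?(real_path, allowlist)
    allowlist.any? { |root| real_path == root || real_path.start_with?(root + "/") }
  end

  # Vulnerable pattern: resolve and check the path (time of check), then open it
  # by name later (time of use). The kernel walks the path again at use time, so
  # a symlink planted in between sends the read outside the allowlist.
  def self.read_check_then_use(path, allowlist, during_window: nil)
    real = File.realpath(path)
    raise NotAllowed, real unless allowed?(real, allowlist)
    during_window&.call              # simulated attacker action inside the race window
    File.read(path)
  end

  # Hardened pattern: open first, then judge what was actually opened.
  # O_NOFOLLOW refuses a symlink as the final path component; the descriptor's
  # own resolved path (via /proc on Linux) catches a parent directory swapped for
  # a symlink. The check and the use refer to the same open file.
  def self.read_open_then_check(path, allowlist, during_window: nil)
    during_window&.call              # same attacker action, now before any check
    f = File.open(path, File::RDONLY | File::NOFOLLOW)
    begin
      opened = opened_path(f)
      raise NotAllowed, opened unless allowed?(opened, allowlist)
      f.read
    ensure
      f.close
    end
  rescue Errno::ELOOP, Errno::EMLINK # symlink at the final component
    raise NotAllowed, "#{path} is a symlink"
  end

  # Path the kernel associates with the open descriptor. The /proc link is
  # Linux-specific; the fallback re-resolves by name and is itself racy.
  def self.opened_path(f)
    link = "/proc/self/fd/#{f.fileno}"
    File.symlink?(link) ? File.readlink(link) : File.realpath(f.path)
  end

  # Two constructed scenarios in a temp directory; the allowlist is <tmp>/allowed.
  #  file_swap: attacker replaces allowed/report.txt with a symlink to <tmp>/secret.txt
  #  dir_swap:  attacker replaces the directory allowed/sub with a symlink to <tmp>/outside
  # Returns, per scenario, what the vulnerable read produced and whether the
  # hardened read refused it.
  def self.demo
    Dir.mktmpdir do |tmp|
      tmp = File.realpath(tmp)
      root = File.join(tmp, "allowed")
      allowlist = [root]
      secret = File.join(tmp, "secret.txt")
      File.write(secret, "SECRET")
      outside = File.join(tmp, "outside")
      FileUtils.mkdir_p(outside)
      File.write(File.join(outside, "data.txt"), "SECRET")

      scenarios = {
        file_swap: {
          target: File.join(root, "report.txt"),
          setup: -> { FileUtils.mkdir_p(root); File.write(File.join(root, "report.txt"), "public") },
          swap: -> { File.delete(File.join(root, "report.txt")); File.symlink(secret, File.join(root, "report.txt")) }
        },
        dir_swap: {
          target: File.join(root, "sub", "data.txt"),
          setup: -> { FileUtils.mkdir_p(File.join(root, "sub")); File.write(File.join(root, "sub", "data.txt"), "public") },
          swap: -> { FileUtils.rm_rf(File.join(root, "sub")); File.symlink(outside, File.join(root, "sub")) }
        }
      }

      scenarios.transform_values do |s|
        s[:setup].call
        leaked = read_check_then_use(s[:target], allowlist, during_window: s[:swap])
        FileUtils.rm_rf(root)
        s[:setup].call
        blocked = begin
          read_open_then_check(s[:target], allowlist, during_window: s[:swap])
          false
        rescue NotAllowed
          true
        end
        { vulnerable_read: leaked, hardened_blocked: blocked }
      end
    end
  end
end
```

In both scenarios the vulnerable read returns the content of the file outside the allowlist, while the hardened read raises NotAllowed. Note that O_NOFOLLOW alone only covers the final component, which is why the second scenario needs the check on the opened descriptor's path; on systems without /proc the fallback re-resolves by name and reintroduces a (smaller) window.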
Recommendations
Update 4.x installations to Open OnDemand 4.0.8 or later.
Update 3.x installations to Open OnDemand 3.1.16 or later.
Vulnerability Class
Time of Check to Time of Use (TOCTOU)
Affected Products
Open Ondemand