CVE-2025-40760
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-11

Last updated on: 2025-11-11

Assigner: Siemens AG

Description
A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected products do not properly handle error messages and discloses sensitive password hash information when processing user authentication requests. This could allow a local attacker to extract password hashes for privileged accounts, which can then be subjected to offline brute-force attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-11
Last Modified
2025-11-11
Generated
2026-05-07
AI Q&A
2025-11-11
EPSS Evaluated
2026-05-05
NVD
CVE-2025-40760
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
siemens altair_grid_engine 2026.0.0
siemens altair_grid_engine 2025.1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-209 The product generates an error message that includes sensitive information about its environment, users, or associated data.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in Altair Grid Engine versions prior to V2026.0.0, where the software improperly handles error messages during user authentication. As a result, it discloses sensitive password hash information. A local attacker could exploit this flaw to extract password hashes of privileged accounts and then attempt offline brute-force attacks to recover the actual passwords.


How can this vulnerability impact me? :

If exploited, this vulnerability could allow a local attacker to obtain password hashes for privileged accounts. This could lead to unauthorized access if the attacker successfully cracks the hashes through offline brute-force attacks, potentially compromising sensitive systems and data.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart