CVE-2025-66433
BaseFortify
Publication date: 2025-11-30
Last updated on: 2025-11-30
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| htcondor | htcondor | 24.7.3 |
| htcondor | htcondor | 25.0.3 |
| htcondor | htcondor | 25.3.1 |
| htcondor | htcondor | 24.12.14 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in HTCondor Access Point versions before 25.3.1 allows an authenticated user to impersonate other users on the local machine by submitting a batch job. Essentially, a user with some level of access can act as if they are another user, potentially gaining unauthorized privileges or access.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing an authenticated user to impersonate other users on the local machine, which may lead to unauthorized access to data or resources, privilege escalation, and potential misuse of system capabilities under another user's identity.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update HTCondor Access Point to version 24.12.14, 25.0.3, 25.3.1, or later. Avoid using affected versions starting from 24.7.3 up to but not including the fixed versions.