CVE-2025-40763— Siemens Altair Grid Engine 代码问题漏洞

N/A

A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected products do not properly validate environment variables when loading shared libraries, allowing path hijacking through malicious library substitution. This could allow a local attacker to execute arbitrary code with superuser privileges by manipulating the environment variable and placing a malicious library in the controlled path.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

对搜索路径元素未加控制

Siemens Altair Grid Engine 代码问题漏洞

Siemens Altair Grid Engine是美国Siemens公司的一个分布式资源管理系统。 Siemens Altair Grid Engine V2026.0.0之前版本存在代码问题漏洞，该漏洞源于加载共享库时未正确验证环境变量，可能导致通过恶意库替换进行路径劫持，从而以超级用户权限执行任意代码。

N/A

N/A