See Recorded Future’s Threat Intelligence Solutions in Action

See our Threat Intelligence Solutions in Action

Reduce risk and mitigate cyber attacks, no matter your IT & security stack, maturity journey, or industry

Book a free demo

View Solutions to Reduce Risk

See Recorded Future’s Intelligence in Action

Reduce operational risk through timely, precise, and actionable intelligence.

Book a free demo

Intelligence Cloud Overview

View Services & Support Overview

View Research Overview

CVE-2025-21198

CVSS 3.1 Score 9 of 10 (high)

Details

Published Feb 11, 2025

CWE ID 306

Summary

CVE-2025-21198 is a critical remote code execution vulnerability affecting Microsoft's High Performance Compute (HPC) Pack. This issue allows unauthenticated attackers to execute arbitrary code on vulnerable systems by exploiting a flaw in the HPC Pack's Job Manager component. Successful exploitation could lead to significant security risks, including data theft, unauthorized system access, or even complete system takeover. Microsoft strongly advises users to apply the available patch to mitigate this threat. In essence, CVE-2025-21198 is a remote code execution vulnerability that can be exploited without authentication in Microsoft's HPC Pack, potentially resulting in severe consequences for affected systems, such as data breaches or system compromise. Microsoft's HPC Pack encounters a vital remote code execution vulnerability, CVE-2025-21198, which leaves systems susceptible to unauthenticated attacks. Attackers may leverage this flaw to execute arbitrary code, posing significant risks, including data theft and unauthorized system access. Microsoft urges users to apply the released patch to address this vulnerability and protect their systems from potential exploitation. The latest discovery in Microsoft's security landscape involves CVE-2025-21198, a remote code execution vulnerability affecting the HPC Pack. Unauthenticated attackers can exploit this flaw to execute arbitrary code, potentially leading to severe consequences, such as data breaches or system compromise. Microsoft strongly recommends users to apply the patch to mitigate this risk. Microsoft's High Performance Compute (HPC) Pack has been identified with a remote code execution vulnerability, CVE-2025-21198. Attackers can exploit this issue to gain unauthenticated access and execute arbitrary code, resulting in potential data breaches or system compromise. Microsoft advises users to apply the patch to protect their systems from this threat. A new vulnerability, CVE-2025-21198, has been discovered in Microsoft's HPC Pack. This remote code execution issue allows unauthenticated attackers to execute arbitrary code, carrying significant risks, including data breaches and system compromise. Microsoft encourages users to apply the patch to address this vulnerability and safeguard their systems.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Advisories, Assessments, and Mitigations

Back to Vulnerability Database