
(3.9.0-3.13.0) Privilege escalation on Slurm accounting caused by CVE-2025-43904

Giacomo Marciani edited this page May 9, 2025 · 1 revision

The issue

Slurm versions 23.11 and 24.05 are affected by CVE-2025-43904. When Slurm accounting is enabled on the cluster, this vulnerability allows a Coordinator user to promote another user to Administrator.

Affected ParallelCluster versions, OSes and schedulers

All ParallelCluster versions from 3.9.0 to 3.13.0 on all OSes, when Slurm accounting is enabled and Coordinator users are configured.

Mitigation

To mitigate this issue, we recommend upgrading the Slurm version on your running cluster to the maintenance version that ships the fix. The upgrade must stay within the same minor version. In particular:

  • For ParallelCluster >=3.9.0,<=3.12.0, which ship Slurm 23.11: upgrade to Slurm 23.11.11.
  • For ParallelCluster 3.13.0, which ships Slurm 24.05: upgrade to Slurm 24.05.8.

To upgrade Slurm on a running cluster, follow the steps in Upgrade Slurm in an AWS ParallelCluster cluster.
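As an added check (not from this wiki page or the ParallelCluster project), the POSIX sh function below classifies an installed Slurm version against the fixed maintenance releases listed above and reports whether the accounting precondition is present on the node. It assumes `scontrol --version` prints `slurm <major>.<minor>.<patch>` and that `scontrol show config` lists `AccountingStorageType`.

```shell
#!/bin/sh
# Added example, not part of the ParallelCluster wiki. Maps an installed
# Slurm version to the fixed release named on the page (23.11.11 / 24.05.8).
# Assumes `scontrol --version` output of the form "slurm 23.11.7".

# slurm_fix_status "slurm 23.11.7"
# Prints one status line; returns 0 when fixed, 1 when vulnerable,
# 2 when the string cannot be parsed, 3 when the series is not covered here.
slurm_fix_status() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^slurm \([0-9][0-9.]*\).*/\1/p')
    [ -n "$ver" ] || { echo "unknown: cannot parse '$1'"; return 2; }
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0   # e.g. "24.05" with no patch component
    case "$major.$minor" in
        23.11) fixed=11 ;;   # ParallelCluster 3.9.0-3.12.0 series
        24.05) fixed=8 ;;    # ParallelCluster 3.13.0 series
        *) echo "not covered: $ver is outside the 23.11/24.05 series on this page"; return 3 ;;
    esac
    if [ "$patch" -ge "$fixed" ]; then
        echo "fixed: $ver includes the CVE-2025-43904 fix"
        return 0
    fi
    echo "vulnerable: $ver, upgrade to $major.$minor.$fixed"
    return 1
}

# The issue only applies when accounting (slurmdbd) is enabled; check the
# running configuration rather than guessing from the install.
accounting_enabled() {
    scontrol show config 2>/dev/null |
        grep -q 'AccountingStorageType *= *accounting_storage/slurmdbd'
}

# Run the checks only where Slurm tools are actually installed.
if command -v scontrol >/dev/null 2>&1; then
    slurm_fix_status "$(scontrol --version)"
    if accounting_enabled; then
        echo "accounting: enabled (the Coordinator -> Administrator issue applies)"
    else
        echo "accounting: not enabled on this node"
    fi
fi
```

Whether Coordinator users are configured still has to be confirmed through your accounting database; the script only covers the version and accounting preconditions.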
