2016.3
6.3.8328.0
CVE-2025-21198 is a critical Remote Code Execution (RCE) vulnerability discovered in Microsoft HPC Pack. This flaw allows an attacker to execute arbitrary code on a vulnerable system, potentially leading to complete system compromise. The vulnerability affects versions 1.0.0 through 2016.3 of Microsoft HPC Pack, and a patch is available in version 2016.3.
Successful exploitation of CVE-2025-21198 allows an attacker to execute arbitrary code with the privileges of the affected process. This could lead to complete system takeover, data theft, and the installation of malware. Given that HPC environments often involve sensitive data and complex computations, the impact can be severe. Attackers could leverage this vulnerability to gain persistent access, move laterally within the network, and potentially compromise other systems connected to the HPC cluster. The potential for data exfiltration and disruption of critical operations is high.
CVE-2025-21198 was publicly disclosed on 2025-02-11. Exploitation context is currently unknown, and no public proof-of-concept (POC) code has been released. The CVSS score of 9.0 (CRITICAL) indicates a high probability of exploitation if a POC becomes available. Monitor CISA KEV listings and security advisories for updates regarding active exploitation campaigns.
Organizations heavily reliant on Microsoft HPC Pack for scientific computing, simulations, and data analysis are at significant risk. Specifically, environments with older, unpatched HPC Pack installations and those lacking robust network segmentation are particularly vulnerable. Shared hosting environments utilizing HPC Pack also present a heightened risk due to potential cross-tenant exploitation.
• windows / supply-chain:
Get-CimInstance Win32_Process | Where-Object { $_.Name -like '*hpcpack*' } | Select-Object ProcessId, CommandLine
• windows / supply-chain:
Get-WinEvent -LogName Application -FilterXPath "*[System[Provider[@Name='Microsoft-Windows-HPCPackService'] and (EventID=1000)]]" -MaxEvents 10
• windows / supply-chain:
Get-ScheduledTask | Where-Object {$_.TaskName -like '*hpcpack*'}
Exploitation status
EPSS: 0.15% (36th percentile)
The primary mitigation for CVE-2025-21198 is to upgrade Microsoft HPC Pack to version 2016.3 or later, which contains the fix. If immediate upgrade is not possible due to compatibility concerns or downtime requirements, consider isolating affected systems from external networks and implementing strict network segmentation to limit potential attack vectors. Review firewall rules to restrict access to HPC Pack services. A WAF rule that directly targets this flaw is unlikely to be available, but monitoring network traffic for unusual patterns associated with RCE attempts can provide early warning signs.
Update Microsoft HPC Pack to version 2016.3 or later, or 6.3.8328.0 or later, depending on your environment. This fixes the remote code execution vulnerability.
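A version check for the upgrade step above, as an added PowerShell example that is not from the original page or from Microsoft: it reads the standard Uninstall registry keys and compares each HPC Pack entry with the fixed build 6.3.8328.0. The `*HPC Pack*` display-name match and the choice to apply 6.3.8328.0 only to 6.x builds are assumptions, and the function name Get-HpcPackPatchStatus is hypothetical.

```powershell
# Added example: inventory HPC Pack installs and compare them with the fixed build.
# Assumptions: the product registers under the standard Uninstall keys with a
# DisplayName containing "HPC Pack", and 6.3.8328.0 applies to 6.x builds only.
$FixedBuild = [version]'6.3.8328.0'   # fixed build named on this page

function Get-HpcPackPatchStatus {
    param(
        [Parameter(Mandatory)][string]$DisplayName,
        [string]$DisplayVersion
    )
    $parsed = $null
    $status = if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) {
        'UNKNOWN: version string not parseable'
    } elseif ($parsed.Major -ne $FixedBuild.Major) {
        'REVIEW: different release line, check the vendor advisory'
    } else {
        # A three-part version such as "6.3.8328" parses with Revision = -1,
        # which would sort below "6.3.8328.0"; treat missing parts as 0.
        $normalized = [version]::new($parsed.Major, $parsed.Minor,
            [math]::Max($parsed.Build, 0), [math]::Max($parsed.Revision, 0))
        if ($normalized -ge $FixedBuild) { 'OK: at or above fixed build' }
        else { 'VULNERABLE: below fixed build' }
    }
    [pscustomobject]@{
        Name    = $DisplayName
        Version = $DisplayVersion
        Status  = $status
    }
}

# Both the 64-bit and 32-bit uninstall hives are checked.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*HPC Pack*' }

$report = foreach ($entry in $installed) {
    Get-HpcPackPatchStatus -DisplayName $entry.DisplayName -DisplayVersion $entry.DisplayVersion
}

if ($report) { $report | Sort-Object Name | Format-Table -AutoSize }
else { Write-Output 'No HPC Pack entries found in the uninstall registry keys.' }
```

Entries reported as REVIEW belong to a release line other than 6.x and need to be checked against the 2016.3 guidance in the vendor advisory rather than the numeric build.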
CVE-2025-21198 is a critical Remote Code Execution vulnerability in Microsoft HPC Pack versions 1.0.0–2016.3, allowing attackers to execute code. It has a CVSS score of 9.0.
You are affected if you are running Microsoft HPC Pack versions 1.0.0 through 2016.3. Check your version and upgrade immediately.
Upgrade Microsoft HPC Pack to version 2016.3 or later to resolve the vulnerability. If immediate upgrade is not possible, isolate affected systems.
Currently, there are no confirmed reports of active exploitation, but the high CVSS score suggests a potential for exploitation.
Refer to the Microsoft Security Update Guide for the latest information and advisory details: [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21198]