## AWS ParallelCluster 3.9.0-3.13.0: Slurm Accounting Vulnerability (CVE-2025-43904) Enables Privilege Escalation
A critical privilege escalation vulnerability in Slurm's accounting system, tracked as CVE-2025-43904, exposes AWS ParallelCluster users to significant security risks. The flaw, present in Slurm versions 23.11 and 24.05, allows a user with 'Coordinator' privileges to arbitrarily promote another user to the powerful 'Administrator' role. This bypasses intended access controls and grants unauthorized administrative control over the high-performance computing (HPC) cluster, potentially compromising job management, resource allocation, and sensitive data.

The vulnerability directly impacts all AWS ParallelCluster versions from 3.9.0 through 3.13.0, regardless of the underlying operating system. The exploit is contingent on two specific configurations: Slurm accounting must be enabled on the cluster, and Coordinator users must be configured. This creates a clear attack path for any malicious or compromised Coordinator account, turning a mid-level privilege into full cluster control. The issue stems from a flaw within the Slurm workload manager itself, a core component for job scheduling in many scientific and research computing environments.
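
A defensive exposure check for the two preconditions above, as an added example that is not code from AWS or the Slurm project. It assumes pipe-delimited output from `sacctmgr -P show user withcoord` with the column layout shown in the constructed sample, and an `expected_admins` baseline that you maintain yourself.

```python
import re

# Affected AWS ParallelCluster range as stated on this page (inclusive).
AFFECTED_MIN, AFFECTED_MAX = (3, 9, 0), (3, 13, 0)

# Constructed sample inputs (not taken from a real cluster).
SAMPLE_CONF = """\
ClusterName=demo
#AccountingStorageType=accounting_storage/none
AccountingStorageType=accounting_storage/slurmdbd
"""
SAMPLE_USERS = """\
User|Def Acct|Admin|Coord Accounts
root|root|Administrator|
alice|physics|None|physics
bob|physics|None|
carol|chem|Administrator|
"""

def version_affected(version):
    """True if a ParallelCluster version such as '3.11.1' is in the range."""
    return AFFECTED_MIN <= tuple(int(p) for p in version.split(".")) <= AFFECTED_MAX

def accounting_enabled(slurm_conf):
    """True if slurm.conf sends accounting to slurmdbd (comments ignored)."""
    for line in slurm_conf.splitlines():
        m = re.match(r"(?i)\s*AccountingStorageType\s*=\s*(\S+)", line.split("#", 1)[0])
        if m:
            return m.group(1).lower() == "accounting_storage/slurmdbd"
    return False

def parse_users(sacctmgr_out):
    """Parse the pipe-delimited user listing into dicts keyed by column name."""
    rows = [line.split("|") for line in sacctmgr_out.strip().splitlines()]
    header = [h.strip().lower() for h in rows[0]]
    return [dict(zip(header, (c.strip() for c in r))) for r in rows[1:]]

def audit(version, slurm_conf, sacctmgr_out, expected_admins):
    """Report exposure to the preconditions and any Administrator not in the baseline."""
    users = parse_users(sacctmgr_out)
    coords = sorted(u["user"] for u in users if u.get("coord accounts"))
    admins = {u["user"] for u in users if u.get("admin", "").lower().startswith("admin")}
    return {
        "exposed": version_affected(version) and accounting_enabled(slurm_conf) and bool(coords),
        "coordinators": coords,
        "unexpected_admins": sorted(admins - set(expected_admins)),
    }

if __name__ == "__main__":
    print(audit("3.11.1", SAMPLE_CONF, SAMPLE_USERS, expected_admins={"root"}))
```

An entry under `unexpected_admins` on an exposed cluster is the outcome this flaw produces, so compare that list against your change records.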

The discovery calls for immediate scrutiny by organizations running affected ParallelCluster builds for research, financial modeling, or data analysis. AWS has published a detailed mitigation guide, but the presence of this vulnerability in a core scheduler component raises broader questions about supply chain security in managed HPC services. Administrators must apply patches or workarounds promptly so that neither a malicious insider nor an external attacker who gains a foothold can escalate access across critical computational infrastructure.

---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: CVE-2025-43904, Privilege Escalation, HPC Security, AWS, Slurm
- **Credibility**: unverified
- **Published**: 2026-04-08 15:27:25
- **ID**: 55305
- **URL**: https://whisperx.ai/en/intel/55305