HTCONDOR-2025-0002

HTCondor
Overview
Download
Documentation
Release Highlights
Release Schedule

HTCondor-CE
Overview
Download
Documentation
Release Highlights

General
News
Security
Documentation
Download

Documentation
HTCondor
HTCondor-CE

Support
HTCSS Contract Support
Community Mailing List
External Support Organizations

Email Lists
Users / Help
World / Announcements

Workshops
Throughput Computing 2025
Materials from past Workshops

Featured Users

One Researcher’s Leap into Throughput Computing: Bringing Machine Learning to Dairy Farm Management

November 17, 2025

Unlocking New Frontiers in Drug Discovery: High Throughput Computing in the Thyme Lab

Bringing The National Research Platform Capacity to the HTC Community

Oral Roberts University Advances Cyberinfrastructure with OSPool Integration

Learning and adapting with OSG: Investigating the strong nuclear force

View All Featured Users

HTCSS
What is HTCSS?
Logos

CHTC
Website ⬏
Staff ⬏
Jobs ⬏
Research & Publications ⬏

What is HTCSS?

HTCondor Software Suite (HTCSS) provides an array of services for automating and managing batch workloads and computing resources.

HTCONDOR-2025-0002

CVE-2025-XXXXX

Summary:

A user can submit a specially-crafted job that will run as any other non-root user after the Access Point (AP) is upgraded to a vulnerable version.

Component	Vulnerable Versions	Platform	Availability	Fix Available
Schedd daemon	24.7.3 and above	All platforms	Not known to be publicly exploited	24.12.14, 25.0.3, 25.3.1
Status	Access Required	Host Type Required	Effort Required	Impact/Consequences
Verified	WRITE access to Schedd	Submit host	Low	Medium
Fixed Date	Credit
2025-11-03	Todd Tannenbaum

Access Required: WRITE access to Schedd

An attacker must be authorized to submit jobs to the schedd.

Effort Required: Low

The attacker must submit a specially-crafted job to the schedd, then wait for the schedd to be upgraded to a vulnerable version. No special tools are required.

Impact/Consequences Required: Medium

The attacker's specially-crafted job will be run as if it had been submitted by another non-privileged user in the pool (selected by the attacker before the upgrade).

Workaround:

An attack cannot be initiated if the AP is already running a vulnerable version. To check for potential exploit jobs, you can run this command:

condor_q -all -constraint 'OsUser != Owner'

You can then use condor_rm to remove any suspicious jobs.

Full Details:

Embargoed until future notice.

Suite
HTCondor
HTCondor-CE

Software
Documentation
Download
Security
License

Community
Contact Us
HTCondor Week

Support
Internal Contract
External Organizations

HTCSS is a product of the continued support of the organizations listed above.

For comments or questions about this website, please email htcondor-admin@cs.wisc.edu
This work is supported by NSF under Cooperative Agreement OAC-2030508 as part of the PATh Project.

If you are looking for Phoenix Software International's software development and library management system for z/VSE or z/OS, you can find more information on their website.