Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
4 vulnerabilities found for Microsoft HPC Pack 2019 by Microsoft
CVE-2025-55232 (GCVE-0-2025-55232)
Vulnerability from nvd – Published: 2025-09-09 17:01 – Updated: 2026-02-20 16:00
VLAI?
Title
Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability
Summary
Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an unauthorized attacker to execute code over a network.
Severity ?
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft HPC Pack 2019 |
Affected:
1.0.0 , < 6.3.8352 Quick Fix QFE
(custom)
|
Date Public ?
2025-09-09 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55232",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-09T18:51:54.322964Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T18:52:02.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft HPC Pack 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.8352 Quick Fix QFE",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:microsoft_hpc_pack_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.8352 Quick Fix QFE",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-09-09T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an unauthorized attacker to execute code over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T16:00:33.073Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55232"
}
],
"title": "Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-55232",
"datePublished": "2025-09-09T17:01:04.860Z",
"dateReserved": "2025-08-11T20:26:16.631Z",
"dateUpdated": "2026-02-20T16:00:33.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21198 (GCVE-0-2025-21198)
Vulnerability from nvd – Published: 2025-02-11 17:58 – Updated: 2026-02-26 19:08
VLAI?
Title
Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability
Summary
Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability
Severity ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft HPC Pack 2016 |
Affected:
1.0.0 , < 2016.3
(custom)
|
|||||||
|
|||||||||
Date Public ?
2025-02-11 08:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21198",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T04:55:42.547127Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:08:58.010Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft HPC Pack 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2016.3",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft HPC Pack 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.8328.0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:microsoft_hpc_pack_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.8328.0",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft_hpc_pack_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2016.3",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-02-11T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T19:44:32.475Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21198"
}
],
"title": "Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-21198",
"datePublished": "2025-02-11T17:58:30.184Z",
"dateReserved": "2024-12-05T21:43:30.767Z",
"dateUpdated": "2026-02-26T19:08:58.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55232 (GCVE-0-2025-55232)
Vulnerability from cvelistv5 – Published: 2025-09-09 17:01 – Updated: 2026-02-20 16:00
VLAI?
Title
Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability
Summary
Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an unauthorized attacker to execute code over a network.
Severity ?
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft HPC Pack 2019 |
Affected:
1.0.0 , < 6.3.8352 Quick Fix QFE
(custom)
|
Date Public ?
2025-09-09 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55232",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-09T18:51:54.322964Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T18:52:02.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft HPC Pack 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.8352 Quick Fix QFE",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:microsoft_hpc_pack_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.8352 Quick Fix QFE",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-09-09T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an unauthorized attacker to execute code over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T16:00:33.073Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55232"
}
],
"title": "Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-55232",
"datePublished": "2025-09-09T17:01:04.860Z",
"dateReserved": "2025-08-11T20:26:16.631Z",
"dateUpdated": "2026-02-20T16:00:33.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21198 (GCVE-0-2025-21198)
Vulnerability from cvelistv5 – Published: 2025-02-11 17:58 – Updated: 2026-02-26 19:08
VLAI?
Title
Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability
Summary
Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability
Severity ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft HPC Pack 2016 |
Affected:
1.0.0 , < 2016.3
(custom)
|
|||||||
|
|||||||||
Date Public ?
2025-02-11 08:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21198",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T04:55:42.547127Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:08:58.010Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft HPC Pack 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2016.3",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft HPC Pack 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.8328.0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:microsoft_hpc_pack_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.8328.0",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft_hpc_pack_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2016.3",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-02-11T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T19:44:32.475Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21198"
}
],
"title": "Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-21198",
"datePublished": "2025-02-11T17:58:30.184Z",
"dateReserved": "2024-12-05T21:43:30.767Z",
"dateUpdated": "2026-02-26T19:08:58.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}