Altair Grid Engine V2025: Password Hash Disclosure via Error Message
CVE-2025-40760 Published on November 11, 2025
A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected products do not properly handle error messages and discloses sensitive password hash information when processing user authentication requests. This could allow a local attacker to extract password hashes for privileged accounts, which can then be subjected to offline brute-force attacks.
Weakness Type
Generation of Error Message Containing Sensitive Information
The software generates an error message that includes sensitive information about its environment, users, or associated data.
Products Associated with CVE-2025-40760
Want to know whenever a new CVE is published for Siemens Altair Grid Engine? stack.watch will email you.
Affected Versions
Siemens Altair Grid Engine:- Before V2026.0.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.