Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability — CVE-2025-55232

Zusammenfassung

Sicherheitshinweis CVE-2025-55232. Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability Hersteller: Microsoft. Quelle: MSRC. Risiko: critical. CVSS 9.8. Details in der offiziellen Quelle.

Was tun?

Allgemeine, vorsichtige Schritte (bitte prüfe die offizielle Quelle für Details):

• Priorisiere sofort Patches oder Mitigations (hohes akutes Risiko).
• Identifiziere betroffene Produktversionen und prüfe, ob du betroffen bist.
• Spiele Hersteller-Updates/Patches ein oder setze empfohlene Mitigations um.
• Lies das offizielle Advisory für betroffene Versionen und konkrete Schritte.

Offizielles Advisory

Zur offiziellen Quelle

Mehr dazu

• Azure Bot Service Elevation of Privilege Vulnerability CVE-2025-55244
• Azure Entra ID Elevation of Privilege Vulnerability CVE-2025-55241
• Azure Networking Elevation of Privilege Vulnerability CVE-2025-54914
• cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters. CVE-2025-57052
• hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() CVE-2025-38714
• jfs: truncate good inode pages when hard link is 0 CVE-2025-39743
• A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS). CVE-2025-55558
• A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS). CVE-2025-55557
• A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS). CVE-2025-55553
• accel/habanalabs: fix mem leak in capture user mappings CVE-2023-53367
• accel/habanalabs: postpone mem_mgr IDR destruction to hpriv_release() CVE-2023-53353
• ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered CVE-2025-39763