HPE Performance Cluster Manager Vulnerability Enables Unauthorized Access
gbhackersHewlett Packard Enterprise (HPE) has disclosed a severe security flaw in its Performance Cluster Manager (HPCM) software that could allow attackers to bypass authentication and gain unauthorized remote access to sensitive systems.
The vulnerability, tracked as CVE-2025-27086, affects HPCM versions 1.12 and earlier, posing significant risks to enterprises relying on the tool for high-performance computing (HPC) cluster management.
Vulnerability Details and Risks
The flaw resides in the HPCM graphical user interface (GUI), enabling malicious actors to exploit weak authentication mechanisms remotely. With a CVSS v3.1 score of 8.1 (High severity), attackers could leverage this issue to:
- Advertisement -
.png)
- Access and manipulate cluster configurations
- Extract sensitive operational data
- Disrupt critical computing workflows
HPE’s advisory notes that exploitation requires no user interaction or privileges, making it a pressing concern for organizations with exposed HPCM instances.
| Attribute | Details |
| Vulnerability ID | CVE-2025-27086 |
| Affected Product | HPE Performance Cluster Manager (HPCM) |
| Affected Versions ... |
Copyright of this story solely belongs to gbhackers . To see the full text click HERE