Multiple Vulnerabilities in Altair Grid Engine V2025.1.0
Plan Patch7.8SSA-514895Nov 11, 2025
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary
Altair Grid Engine versions prior to 2026.0.0 contain multiple vulnerabilities (CWE-209, CWE-427) that allow local privilege escalation and arbitrary code execution with superuser permissions. Successful exploitation requires a local user account on the affected system.
What this means
What could happen
An attacker with local access to a system running Altair Grid Engine could escalate privileges and run commands as root, potentially disrupting grid optimization calculations or modifying power system scheduling data.
Who's at risk
Electric utilities and grid operators using Altair Grid Engine for power system optimization and scheduling. This affects any organization using this software on local compute systems for energy management planning.
How it could be exploited
An attacker with a local account on a machine running Altair Grid Engine (v2025.1.0 or earlier) could use privilege escalation vulnerabilities to gain superuser access and execute arbitrary code with root permissions, allowing them to modify system behavior or access sensitive grid operation data.
Prerequisites
- Local user account on the affected system
- Altair Grid Engine version 2025.1.0 or earlier installed
Local privilege escalation requiredRequires local user accountAffects energy sector systemsHigh CVSS severity (7.8)
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
ProductAffected VersionsFix Status
Altair Grid Engine< 2026.0.02026.0.0
Remediation & Mitigation
0/1
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXUpdate Altair Grid Engine to version 2026.0.0 or later
CVEs (2)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/f73fb609-d06e-486c-9530-cdbeeab60467