MSRC compact vulnerability detail

CVE-2025-55232 · Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an unauthorized attacker to execute code over a network.

Severity: Important
Impact: Remote Code Execution
CVSS: 9.8 base · 8.5 temporal
Release: 2025-09-09
Signals: Microsoft High Performance Compute Pack (HPC) · Remote Code Execution · Exploited: No · Publicly disclosed: No · Exploitability: Exploitation Less Likely
CWE
FAQ / Articles
Mitigation
Customers should make sure that HPC Pack clusters are running in a trusted network secured by firewall rules, especially for TCP port 5999.
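One way to check that mitigation on a cluster node is sketched below; it is an added example, not Microsoft's guidance or tooling. It assumes the node relies on Windows Defender Firewall and is run from an elevated PowerShell session; the helper name `Test-PortInSpec` is hypothetical.

```powershell
# Added example: audit this host's exposure on TCP 5999 (the port named in the advisory).
$Port = 5999

# 1. Is anything listening on the port, and on which local addresses?
$listeners = Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue
if (-not $listeners) {
    Write-Output "No listener on TCP $Port on this host."
} else {
    $listeners | Select-Object LocalAddress, LocalPort, OwningProcess | Format-Table -AutoSize
}

# Hypothetical helper: does a firewall port spec ('Any', '5999', '5000-6000') cover $Port?
function Test-PortInSpec {
    param([string[]]$Spec, [int]$Port)
    foreach ($entry in $Spec) {
        if ($entry -eq 'Any') { return $true }
        if ($entry -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($entry -eq "$Port") { return $true }
    }
    return $false
}

# 2. Which enabled inbound allow rules in the effective policy (local + GPO)
#    cover the port, and which remote addresses do they admit?
$rules = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Action Allow -Enabled True
$findings = foreach ($rule in $rules) {
    $pf = $rule | Get-NetFirewallPortFilter
    if ($pf.Protocol -notin 'TCP', '6', 'Any') { continue }
    if (-not (Test-PortInSpec -Spec $pf.LocalPort -Port $Port)) { continue }
    $af = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Profile       = $rule.Profile
        RemoteAddress = $af.RemoteAddress -join ','
        Unrestricted  = ($af.RemoteAddress -contains 'Any')   # reachable from any source
    }
}

# Rules marked Unrestricted are the ones to scope down to the cluster's trusted subnets.
$findings | Sort-Object Unrestricted -Descending | Format-Table -AutoSize
```

Rules that match only because their port spec is `Any` are included on purpose, since they also admit traffic to 5999.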
FAQ
What do customers need to do to mitigate this vulnerability?
If you are currently using HPC Pack 2019 Update 2, you need to upgrade to HPC Pack 2019 Update 3 (Build 6.3.8328) and then apply the QFE patch (Build 6.3.8352). If you are currently using HPC Pack 2016, you must migrate to 2019 to receive a fix, as there is no in-place update from 2016 to 2019.

How could an attacker exploit the vulnerability?
An attacker who successfully exploits this vulnerability could achieve remote code execution without user interaction.