Vulnerability in Osc Ondemand
CVE-2025-58435
Open OnDemand is an open-source HPC portal. Prior to versions 3.1.15 and 4.0.7, noVNC interactive applications did not correctly rotate the password when TurboVNC was higher than version 3.1.2. The likelihood of exploitation is low as a us…
EPSS: 0.001 (22.7th percentile)
Affected products
- Osc Ondemand: versions < 3.1.15; versions >= 4.0.0-0.rc1 and < 4.0.7
Weakness classification (CWE)
References
- https://github.com/OSC/ondemand/security/advisories/GHSA-7vh8-mw9f-5r99 (x_refsource_CONFIRM)