What is CVE-2025-66029?

CVE-2025-66029 is a high-severity vulnerability in Osc Ondemand, classified under Insufficiently Protected Credentials. CVSS score: 7.6/10. Published 2025-12-17.

How severe is CVE-2025-66029?

High severity. CVSS v3 base score is 7.6 out of 10.

Vulnerability in Osc Ondemand

CVE-2025-66029

Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create an origin server on a compute node tha…

EPSS: 0.000 (10.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N.

Affected products

Osc Ondemand — versions <= 4.0.8

Weakness classification (CWE)

CWE-522 — Insufficiently Protected Credentials
CWE-523 — Unprotected Transport of Credentials

References

https://github.com/OSC/ondemand/security/advisories/GHSA-2cwp-8g29-9q32 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2025-66029?: CVE-2025-66029 is a high-severity vulnerability in Osc Ondemand, classified under Insufficiently Protected Credentials. CVSS score: 7.6/10. Published 2025-12-17.
How severe is CVE-2025-66029?: High severity. CVSS v3 base score is 7.6 out of 10.