CVE-2025-46809
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-31

Last updated on: 2025-09-03

Assigner: SUSE

Description
A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files.Β This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1: from ? before 5.0.14-150600.4.17.1; Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.14-150600.4.17.1; Image SLES15-SP4-Manager-Proxy-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; SUSE Manager Proxy Module 4.3: from ? before 4.3.33-150400.3.55.2; SUSE Manager Server Module 4.3: from ? before 4.3.33-150400.3.55.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-31
Last Modified
2025-09-03
Generated
2026-05-27
AI Q&A
2025-07-31
EPSS Evaluated
2026-05-25
NVD
CVE-2025-46809
EUVD
EUVD-2025-23274
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
suse manager 4.3
suse manager 5.0.4
suse manager 5.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-256 The product stores a password in plaintext within resources such as memory or files.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an Insertion of Sensitive Information into Log File issue in SUSE Multi Linux Manager. It exposes HTTP proxy credentials by logging them, which can lead to unauthorized access if the logs are accessed by malicious actors.


How can this vulnerability impact me? :

The exposure of HTTP proxy credentials in log files can lead to unauthorized access to network resources or systems that rely on those credentials, potentially compromising security and allowing attackers to intercept or manipulate network traffic.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart