CVE-2025-46811
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-30
Last updated on: 2025-09-03
Assigner: SUSE
Description
Description
A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client.Β This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.87-150400.3.110.2; SUSE Manager Server Module 4.3: from ? before 4.3.87-150400.3.110.2.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| suse | manager_proxy | 5.0 |
| suse | manager | 4.3 |
| suse | manager_retail_branch_server | 5.0 |
| suse | manager | 5.0.4.1 |
| suse | manager | 5.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Missing Authentication for Critical Function in SUSE Manager. It allows anyone who can access the websocket endpoint at /rhn/websocket/minion/remote-commands to execute arbitrary commands with root privileges without any authentication.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can run any command as root on the affected SUSE Manager system. This can lead to full system compromise, unauthorized access to sensitive data, disruption of services, and potential further attacks within the network.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70