Screen Session Misconfiguration in SUSE Linux
CVE-2025-46802

5.3MEDIUM

Key Information:

Vendor: Suse
Status: Suse Linux Enterprise Micro 5.3; Suse Linux Enterprise Micro 5.4; Suse Linux Enterprise Micro 5.5; Suse Linux Enterprise Module For Basesystem 15 Sp6
Vendor: CVE Published:; 26 May 2025

What is CVE-2025-46802?

A security misconfiguration in SUSE Linux temporarily sets PTY to mode 666, permitting users on the system to connect to active screen sessions. This vulnerability poses a risk of unauthorized access to sensitive information and control over the screen session, highlighting the need for immediate remediation and best practices in managing session permissions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SUSE Linux Enterprise Desktop 15 SP6 ? < 4.6.2-150000.5.8.1

SUSE Linux Enterprise High Performance Computing 15 SP6 ? < 4.6.2-150000.5.8.1

SUSE Linux Enterprise Micro 5.3 ? < 4.6.2-150000.5.8.1

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46802

https://www.openwall.com/lists/oss-security/2025/05/12/1

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
May 26, 2025
Vulnerability Reserved
Apr 30, 2025

Credit

Matthias Gerstner, SUSE

JSON

Suse