Screen Session Misconfiguration in SUSE Linux
CVE-2025-46802

5.3 MEDIUM

What is CVE-2025-46802?

A security misconfiguration in SUSE Linux temporarily sets the PTY to mode 666, permitting users on the system to connect to active screen sessions. This vulnerability poses a risk of unauthorized access to sensitive information and of unauthorized control over the screen session, which calls for immediate remediation and for best practices in managing session permissions.

Affected Version(s)

SUSE Linux Enterprise Desktop 15 SP6 < 4.6.2-150000.5.8.1

SUSE Linux Enterprise High Performance Computing 15 SP6 < 4.6.2-150000.5.8.1

SUSE Linux Enterprise Micro 5.3 < 4.6.2-150000.5.8.1

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Matthias Gerstner, SUSE