Sensitive Information Exposure in SUSE Multi Linux Manager
CVE-2025-46809

6.9MEDIUM

Key Information:

Vendor: Suse
Status: Container Suse/manager/5.0/x86 64/server:5.0.5.7.30.1; Image Sles15-sp4-manager-server-4-3-byos; Image Sles15-sp4-manager-server-4-3-byos-azure; Image Sles15-sp4-manager-server-4-3-byos-ec2
Vendor: CVE Published:; 31 July 2025

What is CVE-2025-46809?

An insertion of sensitive information into the log file vulnerability in SUSE Multi Linux Manager allows the exposure of HTTP proxy credentials. This misconfiguration affects multiple versions of the product, leading to potential unauthorized access. It is critical for users of the impacted versions to take immediate action to secure their systems and prevent potential exploitation. Regular updates and patch management are essential to mitigate risks associated with such vulnerabilities.

Affected Version(s)

Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1 ? < 5.0.27-150600.3.33.1

Image SLES15-SP4-Manager-Server-4-3-BYOS ? < 4.3.87-150400.3.110.2

Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure ? < 4.3.87-150400.3.110.2

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46809

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 31, 2025
Vulnerability Reserved
Apr 30, 2025

Suse

What is CVE-2025-46809?

Affected Version(s)

References

CVSS V4

Timeline