Missing Authentication Vulnerability in SUSE Manager
CVE-2025-46811

9.3CRITICAL

Key Information:

Vendor: Suse
Status: Container Suse/manager/5.0/x86 64/server:5.0.5.7.30.1; Image Sles15-sp4-manager-server-4-3-byos; Image Sles15-sp4-manager-server-4-3-byos-azure; Image Sles15-sp4-manager-server-4-3-byos-ec2
Vendor: CVE Published:; 30 July 2025

What is CVE-2025-46811?

A vulnerability in SUSE Manager allows unauthorized users access to critical functions via the websocket at /rhn/websocket/minion/remote-commands. This flaw could enable attackers to execute arbitrary commands with root privileges, posing significant risks to system integrity and security.

Affected Version(s)

Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1 ? < 5.0.27-150600.3.33.1

Image SLES15-SP4-Manager-Server-4-3-BYOS ? < 4.3.87-150400.3.110.2

Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure ? < 4.3.87-150400.3.110.2

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46811

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Jul 30, 2025

JSON

Suse

What is CVE-2025-46811?

Affected Version(s)

References

CVSS V4

Timeline