Missing Authentication Vulnerability in SUSE Manager
CVE-2025-46811

9.3CRITICAL

Key Information:

Vendor

Suse
Status
Container Suse/manager/5.0/x86 64/server:5.0.5.7.30.1
Image Sles15-sp4-manager-server-4-3-byos
Image Sles15-sp4-manager-server-4-3-byos-azure
Image Sles15-sp4-manager-server-4-3-byos-ec2
Vendor
CVE Published:
30 July 2025

What is CVE-2025-46811?

A vulnerability in SUSE Manager allows unauthorized users access to critical functions via the websocket at /rhn/websocket/minion/remote-commands. This flaw could enable attackers to execute arbitrary commands with root privileges, posing significant risks to system integrity and security.

Affected Version(s)

Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1 ? < 5.0.27-150600.3.33.1

Image SLES15-SP4-Manager-Server-4-3-BYOS ? < 4.3.87-150400.3.110.2

Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure ? < 4.3.87-150400.3.110.2

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46811

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

.