Reflected XSS Vulnerability in SUSE Manager Server by SUSE
CVE-2025-53883

9.3 CRITICAL

What is CVE-2025-53883?

A reflected XSS vulnerability in SUSE Manager Server lets attackers execute arbitrary JavaScript in users' browsers because script-related HTML tags in search fields are improperly neutralized. This can lead to compromise of user data and security. Affected versions include Container suse/manager/5.0/x86_64/server:latest prior to 5.0.28-150600.3.36.8 and SUSE Manager Server LTS 4.3 versions prior to 4.3.88-150400.3.113.5.

Affected Version(s)

  • Container suse manager 5.0: from 0, before 5.0.28-150600.3.36.8

  • SUSE Manager Server LTS 4.3: from 0, before 4.3.88-150400.3.113.5

CVSS V4

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
