CVE-2025-46809

CWE-256CWE-532Log File Information ExposureCWE-476NULL Pointer Dereference4 documents4 sources
Severity
6.9MEDIUM
EPSS
0.0%
top 90.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
Suse Container Suse/manager/4.3/proxy-httpd:4.3.16.9.67.1Suse Container Suse/manager/5.0/x86 64/proxy-httpd:5.0.5.7.23.1Suse Container Suse/manager/5.0/x86 64/server:5.0.5.7.30.1+10 more
Timeline
PublishedJul 31

Description

A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1: from ? before 5.0.14-150600.4.17.1; Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.14-150600.4.17.1; Image SLES15-SP4-Manager-Proxy-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Affected Packages13 packages

CVEListV5suse/image_sles15-sp4-manager-proxy-4-3-byos-azure?4.3.33-150400.3.55.2
CVEListV5suse/image_sles15-sp4-manager-proxy-4-3-byos?4.3.33-150400.3.55.2
CVEListV5suse/image_sles15-sp4-manager-proxy-4-3-byos-ec2?4.3.33-150400.3.55.2
CVEListV5suse/image_sles15-sp4-manager-proxy-4-3-byos-gce?4.3.33-150400.3.55.2
CVEListV5suse/image_sles15-sp4-manager-server-4-3-byos-azure?4.3.33-150400.3.55.2

🔴Vulnerability Details

2
GHSA
GHSA-6c9h-8vxc-74xh: A Insertion of Sensitive Information into Log File vulnerability in SUSE Multi Linux Manager exposes the HTTP proxy credentials2025-07-31
CVEList
Multi Linux Manager epxoses the plain text HTTP Proxy user:password in logs2025-07-31

📋Vendor Advisories

1
Microsoft
drm/amd/display: Check BIOS images before it is used2024-09-10