cbcvebase.
CVE-2025-46809
published 2025-07-31

CVE-2025-46809: A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container…

PriorityP432medium5.7CVSS 3.1
AVNACLPRLUIRSUCHINAN
EPSS
0.22%
12.8th percentile
A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1: from ? before 5.0.14-150600.4.17.1; Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.14-150600.4.17.1; Image SLES15-SP4-Manager-Proxy-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; SUSE Manager Proxy Module 4.3: from ? before 4.3.33-150400.3.55.2; SUSE Manager Server Module 4.3: from ? before 4.3.33-150400.3.55.2.

Affected

19 ranges
VendorProductVersion rangeFixed in
msrcazl3_kernel_6.6.47.1-1_on_azure_linux_3.0
msrcazl3_kernel_6.6.51.1-5_on_azure_linux_3.0
msrcazure_linux_3.0_arm
msrcazure_linux_3.0_x64
msrccbl2_kernel_5.15.176.3-1_on_cbl_mariner_2.0
msrccbl2_kernel_5.15.180.1-1_on_cbl_mariner_2.0
susecontainer_suse_manager_4.3_proxy-httpd_4.3.16.9.67.1>= ? < 4.3.33-150400.3.55.24.3.33-150400.3.55.2
susecontainer_suse_manager_5.0_x86_64_proxy-httpd_5.0.5.7.23.1>= ? < 5.0.14-150600.4.17.15.0.14-150600.4.17.1
susecontainer_suse_manager_5.0_x86_64_server_5.0.5.7.30.1>= ? < 5.0.14-150600.4.17.15.0.14-150600.4.17.1
suseimage_sles15-sp4-manager-proxy-4-3-byos>= ? < 4.3.33-150400.3.55.24.3.33-150400.3.55.2
suseimage_sles15-sp4-manager-proxy-4-3-byos-azure>= ? < 4.3.33-150400.3.55.24.3.33-150400.3.55.2
suseimage_sles15-sp4-manager-proxy-4-3-byos-ec2>= ? < 4.3.33-150400.3.55.24.3.33-150400.3.55.2
suseimage_sles15-sp4-manager-proxy-4-3-byos-gce>= ? < 4.3.33-150400.3.55.24.3.33-150400.3.55.2
suseimage_sles15-sp4-manager-server-4-3-byos>= ? < 4.3.33-150400.3.55.24.3.33-150400.3.55.2
suseimage_sles15-sp4-manager-server-4-3-byos-azure>= ? < 4.3.33-150400.3.55.24.3.33-150400.3.55.2
suseimage_sles15-sp4-manager-server-4-3-byos-ec2>= ? < 4.3.33-150400.3.55.24.3.33-150400.3.55.2
suseimage_sles15-sp4-manager-server-4-3-byos-gce>= ? < 4.3.33-150400.3.55.24.3.33-150400.3.55.2
susesuse_manager_proxy_module_4.3>= ? < 4.3.33-150400.3.55.24.3.33-150400.3.55.2
susesuse_manager_server_module_4.3>= ? < 4.3.33-150400.3.55.24.3.33-150400.3.55.2

CVSS provenance

nvdv3.15.7MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
nvdv4.06.9MEDIUMCVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vendor_msrc5.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.