CVE-2025-46810

Severity
8.5 HIGH
EPSS
0.0%
top 91.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Sep 2

Description

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of openSUSE Tumbleweed traefik2 allows the traefik user to escalate to root. This issue affects Tumbleweed: from ? before 2.11.29.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages (1 package)

CVEListV5: opensuse/tumbleweed, from ? before 2.11.29

🔴Vulnerability Details

1
CVEList
CVE-2025-46810: A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of openSUSE Tumbleweed traefik2 allows the traefik user to escalate to root (2025-09-02)

📋Vendor Advisories

2
Red Hat
traefik: Escalation to root from traefik user via %post script (2025-09-02)
Microsoft
drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (2024-09-10)