CVE-2025-46811

CWE-862 — Missing Authorization CWE-306 — Missing Authentication CWE-129 — Improper Array Index Validation4 documents4 sources

Severity

9.3CRITICAL

EPSS

0.1%

top 76.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Suse Container Suse/manager/5.0/x86 64/server:5.0.5.7.30.1 Suse Image Sles15-sp4-manager-server-4-3-byos Suse Image Sles15-sp4-manager-server-4-3-byos-azure +3 more

Timeline

PublishedJul 30

Description

A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: …

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages6 packages

▶CVEListV5suse/image_sles15-sp4-manager-server-4-3-byos-azure? — 4.3.87-150400.3.110.2

▶CVEListV5suse/image_sles15-sp4-manager-server-4-3-byos? — 4.3.87-150400.3.110.2

▶CVEListV5suse/image_sles15-sp4-manager-server-4-3-byos-ec2? — 4.3.87-150400.3.110.2

▶CVEListV5suse/image_sles15-sp4-manager-server-4-3-byos-gce? — 4.3.87-150400.3.110.2

▶CVEListV5suse/suse_manager_server_module_4.3? — 4.3.87-150400.3.110.2

🔴Vulnerability Details

GHSA

GHSA-hrrw-rc87-qggf: A Missing Authentication for Critical Function vulnerability in SUSE Manager allows anyone with access to the websocket at /rhn/websocket/minion/remot↗2025-07-30

▶

CVEList

SUSE Multi Linux Manager allows code execution via unprotected websocket endpoint↗2025-07-30

▶

📋Vendor Advisories

Microsoft

drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box↗2024-09-10

▶