CVE-2026-25702

CWE-284 — Improper Access Control5 documents5 sources

Severity

9.8CRITICAL

EPSS

0.1%

top 82.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Suse Suse Linux Enterprise Server Suse Linux Enterprise Server

Timeline

PublishedMar 5

Description

A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective.This issue affects SUSE Linux Enterprise Server: from 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before 9c294edb7085fb91650bc12233495a8974c5ff2d.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages2 packages

▶CVEListV5suse/suse_linux_enterprise_server9e6d9d4601768c75fdb0bad3fbbe636e748939c2 — 9c294edb7085fb91650bc12233495a8974c5ff2d

▶NVDsuse/linux_enterprise_server12

🔴Vulnerability Details

OSV

CVE-2026-25702: A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via↗2026-03-05

▶

CVEList

nftables disabled due to incorrect kernel backport↗2026-03-05

▶

GHSA

GHSA-h8j4-cgff-f982: A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via↗2026-03-05

▶

🕵️Threat Intelligence

Wiz

CVE-2026-25702 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶