- Description
- A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.87-150400.3.110.2; SUSE Manager Server Module 4.3: from ? before 4.3.87-150400.3.110.2.
- Source
- meissner@suse.de
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- meissner@suse.de
- CWE-862
- Hype score
- Not currently trending
⚠️Vulnerabilidad en SUSE Manager ❗CVE-2025-46811 ➡️Más info: https://t.co/1Uu9Ygd5wZ https://t.co/lutHzxob1j
@CERTpy
4 Aug 2025
126 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
قابل توجه ادمین های لینوکس SUSE : به تازگی برای برنامه SUSE Manager آسیب پذیری با کد شناسایی CVE-2025-46811 و از نوع RCE منتشر شده است که به هکرها امکاناجرای کامند با سطح
@AmirHossein_sec
3 Aug 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SUSE Manager Hit by Critical Root-Level Exploit: #CVE-2025-46811 Threatens Global Enterprise Systems https://t.co/dWwtL7Ze7R
@UndercodeNews
31 Jul 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SUSE Managerに深刻な認証バイパスの脆弱性(CVE-2025-46811)が発見され、攻撃者が認証なしでroot権限のコマンドを実行できる状態にある。CVSS 4.0スコアは9.3と極めて高く、影響は重大である。
@yousukezan
31 Jul 2025
676 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL: SUSE Manager containers affected by CVE-2025-46811—missing auth lets attackers run commands as root via WebSocket! Patch ASAP to protect your infra. 🔒 https://t.co/kIHB7NqOia #OffSeq #SUSE #Cyberse... https://t.co/Gcm4SMLo0j
@offseq
31 Jul 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Among the high and critical macOS vulnerabilities, there is also a critical SUSE one: 🟥 CVE-2025-46811, CVSS: 9.8 (#Critical) SUSE Manager version 5.0.5.7.30.1 and related images. A Missing Authentication for Critical Function vulnerability allows arbitrary command https:
@UjlakiMarci
30 Jul 2025
68 Impressions
1 Retweet
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-46811 A Missing Authentication for Critical Function vulnerability in SUSE Manager allows anyone with access to the websocket at /rhn/websocket/minion/remote-commands to ex… https://t.co/LRNCIAEZV7
@CVEnew
30 Jul 2025
276 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-46811: CRITICAL] A vulnerability in SUSE Manager allows unauthorized users to run commands as root. Containers and images affected need an update to versions from ? before specified releases.#cve,CVE-2025-46811,#cybersecurity https://t.co/6SskL8su62 https://t.co/azSaysC
@CveFindCom
30 Jul 2025
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes