Description

A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.87-150400.3.110.2; SUSE Manager Server Module 4.3: from ? before 4.3.87-150400.3.110.2.

PUBLISHED Reserved 2025-04-30 | Published 2025-07-30 | Updated 2026-02-26 | Assigner suse




CRITICAL: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CRITICAL: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

Problem types

CWE-862: Missing Authorization

Product status

Default status
unaffected

? (custom) before 5.0.27-150600.3.33.1
affected

Default status
unaffected

? (custom) before 4.3.87-150400.3.110.2
affected

Default status
unaffected

? (custom) before 4.3.87-150400.3.110.2
affected

Default status
unaffected

? (custom) before 4.3.87-150400.3.110.2
affected

Default status
unaffected

? (custom) before 4.3.87-150400.3.110.2
affected

Default status
unaffected

? (custom) before 4.3.87-150400.3.110.2
affected

Credits

Simon Holl (MindBytes) finder

References

bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46811

cve.org (CVE-2025-46811)

nvd.nist.gov (CVE-2025-46811)
