CVE Alert

CVE-2025-46811

CRITICAL 9.8

SUSE Multi Linux Manager allows code execution via unprotected websocket endpoint

CVSS Score: 9.8
EPSS Score: 0.0%
EPSS Percentile: 0th

A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.87-150400.3.110.2; SUSE Manager Server Module 4.3: from ? before 4.3.87-150400.3.110.2.

CWE: CWE-862
Vendor: suse
Product: container suse/manager/5.0/x86_64/server:5.0.5.7.30.1
Published: Jul 30, 2025
Last Updated: Feb 26, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Affected Versions

SUSE / Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: ? < 5.0.27-150600.3.33.1
SUSE / Image SLES15-SP4-Manager-Server-4-3-BYOS: ? < 4.3.87-150400.3.110.2
SUSE / Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: ? < 4.3.87-150400.3.110.2
SUSE / Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: ? < 4.3.87-150400.3.110.2
SUSE / Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: ? < 4.3.87-150400.3.110.2
SUSE / SUSE Manager Server Module 4.3: ? < 4.3.87-150400.3.110.2

References

bugzilla.suse.com: https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46811

Credits

Simon Holl (MindBytes)