CVE-2025-53880

UNKNOWN 0.0

susemanager-tftpsync-recv allows arbitrary file creation and deletion due to path traversal

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list of allowed IP addresses.

CWE	CWE-35
Vendor	suse
Product	container suse/manager/4.3/proxy-httpd:latest
Published	Oct 30, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for suse container suse/manager/4.3/proxy-httpd:latest

Be the first to know when new unknown vulnerabilities affecting suse container suse/manager/4.3/proxy-httpd:latest are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

SUSE / Container suse/manager/4.3/proxy-httpd:latest

? < 4.3.11-150400.3.15.3

SUSE / Container suse/manager/5.0/x86_64/proxy-httpd:latest

? < 5.0.3-150600.3.6.4

SUSE / Container suse/multi-linux-manager/5.1/x86_64/proxy-httpd:latest

? < 5.1.3-150700.3.3.3

SUSE / SUSE Manager Proxy LTS 4.3

? < 4.3.11-150400.3.15.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

bugzilla.suse.com: https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-53880

Credits

Paolo Perego of SUSE