Vulnerability cyber

SUSE

Jul 31, 2025 1 min read
SUSE

A critical security vulnerability in SUSE Manager allows unauthenticated attackers to execute arbitrary commands with root privileges. This flaw, tracked as CVE-2025-46811, has a CVSS 4.0 score of 9.3 and affects multiple versions of SUSE Manager across various platforms. The vulnerability stems from a Missing Authentication for Critical Function weakness, which targets a specific websocket endpoint. Organizations are at risk of widespread compromise, requiring immediate updates to mitigate the threat. The impact is significant as it could lead to complete system compromise, affecting enterprise infrastructure.

Source: https://cybersecuritynews.com/suse-manager-vulnerability/

TPRM report: https://scoringcyber.rankiteo.com/company/suse

"id": "sus629073125",
"linkid": "suse",
"type": "Vulnerability",
"date": "7/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Technology',
                        'name': 'SUSE',
                        'type': 'Software Vendor'}],
 'attack_vector': 'Network Accessible (AV:N), Low Attack Complexity (AC:L), No '
                  'Required Privileges (PR:N)',
 'description': 'A newly disclosed critical security vulnerability in SUSE '
                'Manager poses severe risks to enterprise infrastructure, '
                'allowing unauthenticated attackers to execute arbitrary '
                'commands with root privileges.',
 'impact': {'systems_affected': ['Container '
                                 'suse/manager/5.0/x86_64/server:5.0.5.7.30.1',
                                 'SLES15-SP4-Manager-Server-4-3-BYOS (all '
                                 'variants)',
                                 'SLES15-SP4-Manager-Server-4-3-BYOS-Azure',
                                 'SLES15-SP4-Manager-Server-4-3-BYOS-EC2',
                                 'SLES15-SP4-Manager-Server-4-3-BYOS-GCE',
                                 'SUSE Manager Server Module 4.3']},
 'initial_access_broker': {'entry_point': 'Websocket endpoint: '
                                          '/rhn/websocket/minion/remote-commands'},
 'post_incident_analysis': {'root_causes': 'Missing Authentication for '
                                           'Critical Function (CWE-306)'},
 'recommendations': ['Prioritize immediate patching',
                     'Monitor for suspicious activity'],
 'response': {'containment_measures': ['Network segmentation',
                                       'Access controls review'],
              'enhanced_monitoring': True,
              'network_segmentation': True,
              'remediation_measures': ['Immediate patching', 'Version audits']},
 'title': 'Critical Vulnerability in SUSE Manager (CVE-2025-46811)',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': 'CVE-2025-46811'}
Published by
Jeremy C
Jeremy C
You might also like
Vulnerability cyber

CrushFTP

public 1 min read
A significant zero-day vulnerability in CrushFTP has been disclosed, allowing unauthenticated attackers to achieve complete remote code execution on vulnerable…
Jeremy C Jeremy C
Vulnerability cyber

BeyondTrust

public 1 min read
A significant security vulnerability, designated as CVE-2025-2297, has been discovered in BeyondTrust’s Privilege Management for Windows solution. This vulnerability…
Jeremy C Jeremy C
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.