CVE-2025-46811 SUSE Multi Linux Manager allows code execution via unprotected websocket endpoint

🗓️ 30 Jul 2025 14:20:53Reported by suseType

SUSE Manager has a vulnerability allowing root command execution via unprotected websocket endpoint

Reporter	Title	Published	Views	Family All 20
ATTACKERKB	CVE-2025-46811	30 Jul 202514:20	–	attackerkb
BDU FSTEC	The vulnerability of the SUSE Manager, a tool for centralized management of IT infrastructure, relates to the lack of authentication for critical functions. This allows attackers to execute arbitrary commands with root privileges.	1 Aug 202500:00	–	bdu_fstec
Circl	CVE-2025-46811	30 Jul 202517:12	–	circl
CNNVD	SUSE Manager 访问控制错误漏洞	30 Jul 202500:00	–	cnnvd
CVE	CVE-2025-46811	30 Jul 202514:20	–	cve
Exploit DB	SUSE Manager 4.3.15 - Code Execution	30 Apr 202600:00	–	exploitdb
EUVD	EUVD-2025-23155	3 Oct 202520:07	–	euvd
NVD	CVE-2025-46811	30 Jul 202515:15	–	nvd
OSV	SUSE-SU-2025:02475-1 Security update 4.3.16 for Multi-Linux Manager Server	23 Jul 202512:36	–	osv
OSV	SUSE-SU-2025:02476-1 Security update 4.3.16 for Multi-Linux Manager Server	23 Jul 202512:37	–	osv

[
  {
    "defaultStatus": "unaffected",
    "packageName": "spacewalk-java",
    "product": "Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "5.0.27-150600.3.33.1",
        "status": "affected",
        "version": "?",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "spacewalk-java",
    "product": "Image SLES15-SP4-Manager-Server-4-3-BYOS",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "4.3.87-150400.3.110.2",
        "status": "affected",
        "version": "?",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "spacewalk-java",
    "product": "Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "4.3.87-150400.3.110.2",
        "status": "affected",
        "version": "?",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "spacewalk-java",
    "product": "Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "4.3.87-150400.3.110.2",
        "status": "affected",
        "version": "?",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "spacewalk-java",
    "product": "Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "4.3.87-150400.3.110.2",
        "status": "affected",
        "version": "?",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "spacewalk-java",
    "product": "SUSE Manager Server Module 4.3",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "4.3.87-150400.3.110.2",
        "status": "affected",
        "version": "?",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.suse.com/show_bug.cgi

03 Sep 2025 07:03Current

CVSS 49.3

CVSS 3.19.8

EPSS0.01718

CWE-862