Vulnerability News
sysops

A newly disclosed critical security vulnerability in SUSE Manager poses severe risks to enterprise infrastructure, allowing unauthenticated attackers to execute arbitrary commands with root privileges. 

The vulnerability, tracked as CVE-2025-46811, has been assigned a critical CVSS 4.0 score of 9.3, highlighting the urgent need for immediate patching across affected systems.

Key Takeaways1.  CVE-2025-46811 allows unauthenticated remote attackers to gain root access.2. Affects multiple SUSE Manager versions across containers and cloud platforms.3. Immediate updates are required to the latest versions.

Critical SUSE Manager Vulnerability

The security flaw stems from a Missing Authentication for Critical Function weakness (CWE-306) that specifically targets the websocket endpoint located at /rhn/websocket/minion/remote-commands. 

This architectural oversight enables any individual with network access to the vulnerable endpoint to bypass authentication mechanisms entirely and gain unauthorized root-level command execution capabilities on affected SUSE Manager systems.

The vulnerability’s network-accessible nature (AV:N) combined with low attack complexity (AC:L) and no required privileges (PR:N) makes it particularly dangerous for organizations running SUSE Manager in networked environments. 

Attackers can exploit this flaw without any user interaction, making automated attacks feasible and increasing the potential for widespread compromise.

Risk FactorsDetailsAffected Products– Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1- Image SLES15-SP4-Manager-Server-4-3-BYOS (all variants)- Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure- Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2- Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE- SUSE Manager Server Module 4.3ImpactArbitrary command executionExploit PrerequisitesNetwork access to target system- Access to websocket endpoint- No authentication required- No user interaction neededCVSS 3.1 Score9.8 (Critical)

Affected Systems 

The vulnerability impacts multiple SUSE Manager deployments across various platforms and versions. 

Affected systems include Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1 versions prior to critical updates, including builds before 0.3.7-150600.3.6.2 and 5.0.14-150600.4.17.1. 

Additionally, several SLES15-SP4-Manager-Server-4-3-BYOS images across different cloud platforms (Azure, EC2, GCE) are vulnerable, specifically versions before 4.3.33-150400.3.55.2.

SUSE Manager Server Module 4.3 installations are also at risk, with multiple components requiring updates to versions 0.3.7-150400.3.39.4 and 4.3.33-150400.3.55.2 or later to address the security gap.

Given the critical nature of this vulnerability and its potential for complete system compromise, organizations running SUSE Manager must prioritize immediate patching efforts. 

System administrators should immediately audit their SUSE Manager deployments, verify current version numbers against the affected ranges, and implement the available security updates. 

Network segmentation and access controls should be reviewed to limit exposure of the vulnerable WebSocket endpoint while patches are being deployed. 

Organizations should also monitor for any suspicious activity on systems that may have been compromised before patching efforts are completed.

Integrate ANY.RUN TI Lookup with your SIEM or SOAR To Analyses Advanced Threats -> Try 50 Free Trial Searches

Related Posts

A detailed walkthrough demonstrates how attackers can manipulate Azure Key Vault’s access policies after compromising Entra ID (formerly Azure AD)…

A proof-of-concept (PoC) exploit has been released for CVE-2025-3155, a critical vulnerability in GNOME’s Yelp help viewer that enables attackers…

A recent cybersecurity report has identified critical vulnerabilities in Palo Alto Networks firewall devices that could enable attackers to bypass…