CVE-2025-46811
SUSE Multi Linux Manager allows code execution via unprotected websocket endpoint
In short
SUSE Manager exposes a websocket endpoint on port 443 without any authorization check. Anyone who can reach that port can connect and run arbitrary commands as root on every client system the server manages, with no credentials required. This is critical because the SUSE Manager server is the control plane for the whole fleet: compromising it compromises every managed host.
Technical detail
Missing authorization on a websocket endpoint in SUSE Manager enables unauthenticated remote code execution as root on the managed client systems. The only precondition is network reachability of port 443 on the SUSE Manager server: no account, no user interaction and no special attack complexity (the CVSS 4.0 vector below scores it AV:N/AC:L/AT:N/PR:N/UI:N with high confidentiality, integrity and availability impact). Because the server is trusted by every client it manages, a single exposed port yields full compromise of all of them, so until the fixed versions listed below are deployed, the practical mitigation is to restrict which networks can reach port 443 on the server.
Summary generated and translated by AI from the official description.
A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.87-150400.3.110.2; SUSE Manager Server Module 4.3: from ? before 4.3.87-150400.3.110.2.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
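The advisory gives only an upper bound per product ("from ? before <fixed>"), so the triage question is simply whether the installed build sorts below the fixed version-release in RPM order. The following is an added example, not code from the advisory or from SUSE's tooling: a Python implementation of librpm's version ordering (rpmvercmp plus epoch/version/release splitting) applied to the fixed versions quoted above. The product labels in FIXED_VERSIONS are shortened here, the sample installed version is constructed, and which package's version string you feed in is an assumption left to the operator.

```python
import re

# Fixed version-release strings copied from the advisory text on this page.
# Product keys are shortened labels (assumption: abbreviated for readability).
FIXED_VERSIONS = {
    "suse/manager/5.0/x86_64/server": "5.0.27-150600.3.33.1",
    "SLES15-SP4-Manager-Server-4-3-BYOS (all cloud variants)": "4.3.87-150400.3.110.2",
    "SUSE Manager Server Module 4.3": "4.3.87-150400.3.110.2",
}

_NUM = re.compile(r"[0-9]+")
_ALPHA = re.compile(r"[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version (or release) strings the way librpm's rpmvercmp does.

    Returns -1 if a < b, 0 if equal, 1 if a > b. Segments are runs of digits or
    letters; numeric segments compare by value, alphabetic ones lexically, a
    numeric segment outranks an alphabetic one, '~' sorts before everything
    (1.0~rc1 < 1.0) and '^' sorts after end of string but before any segment.
    """
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Skip separators such as '.', '-', '_' (anything not alnum, '~' or '^').
        while i < len(a) and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        if (i < len(a) and a[i] == "~") or (j < len(b) and b[j] == "~"):
            if i >= len(a) or a[i] != "~":
                return 1
            if j >= len(b) or b[j] != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if (i < len(a) and a[i] == "^") or (j < len(b) and b[j] == "^"):
            if i >= len(a):
                return -1
            if j >= len(b):
                return 1
            if a[i] != "^":
                return 1
            if b[j] != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        if a[i].isdigit():
            ma, mb, numeric = _NUM.match(a, i), _NUM.match(b, j), True
        else:
            ma, mb, numeric = _ALPHA.match(a, i), _ALPHA.match(b, j), False
        if mb is None:
            # Segment types differ at this position: the numeric side is newer.
            return 1 if numeric else -1
        sa, sb = ma.group(), mb.group()
        i, j = ma.end(), mb.end()
        if numeric:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def split_evr(evr: str):
    """Split 'epoch:version-release' into its parts; epoch defaults to '0'."""
    epoch, sep, rest = evr.rpartition(":")
    if not sep:
        epoch, rest = "0", evr
    version, sep, release = rest.rpartition("-")
    if not sep:
        version, release = rest, ""
    return epoch, version, release


def compare_evr(a: str, b: str) -> int:
    """Full EVR comparison: epoch first, then version, then release."""
    for x, y in zip(split_evr(a), split_evr(b)):
        r = rpmvercmp(x, y)
        if r != 0:
            return r
    return 0


def is_affected(installed: str, fixed: str) -> bool:
    """True when the installed build is older than the fixed version-release.

    The advisory states no lower bound ('from ?'), so every older build counts.
    """
    return compare_evr(installed, fixed) < 0


if __name__ == "__main__":
    # Constructed sample of what `rpm -q --qf '%{VERSION}-%{RELEASE}' <pkg>`
    # might print; which package to query is an assumption not settled here.
    sample = "4.3.86-150400.3.109.1"
    fixed = FIXED_VERSIONS["SUSE Manager Server Module 4.3"]
    print(f"installed {sample}, fixed {fixed}: affected={is_affected(sample, fixed)}")
```

Note that the comparison is done per EVR field rather than on the whole string, so a newer version with a lower release number (4.3.88-150400.3.1.1 against 4.3.87-150400.3.110.2) is correctly treated as fixed, and an epoch, if a package carries one, overrides both.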
Affected products
SUSE · Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1
SUSE · Image SLES15-SP4-Manager-Server-4-3-BYOS
SUSE · Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
SUSE · Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
SUSE · Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
SUSE · SUSE Manager Server Module 4.3
Public PoCs found: 2
GitHub: github.com/b-L-x/CVE-2025-46811 (0 stars)
Exploit-DB: www.exploit-db.com/exploits/52527 (unverified)
These are public resources for assessing the exposure of systems you control or are authorized to test. Test only with authorization.