Cyber Resilience

CVE-2025-46811

Critical

Published: 30 July 2025
Modified: 15 April 2026
KEV added: not listed
Patch: fixed versions available (see vulnerability details below)
CVSS v4 score: 9.3 (Critical), vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score: 0.0607 (91.0th percentile)
Risk priority: 22 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-46811 is a critical-severity Missing Authorization (CWE-862) vulnerability in SUSE Manager (vendor attribution inferred from the references, since NVD has not filed a CPE). Its CVSS v4 base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 9.0% of CVEs by exploit likelihood (EPSS 0.0607, 91.0th percentile) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2025-46811 is a missing authorization vulnerability, tracked under CWE-862, in SUSE Manager. It affects the container image suse/manager/5.0/x86_64/server before 5.0.27-150600.3.33.1, the SLES15-SP4-Manager-Server-4-3-BYOS images (plain, Azure, EC2 and GCE) before 4.3.87-150400.3.110.2, and SUSE Manager Server Module 4.3 before 4.3.87-150400.3.110.2. The flaw is in the server component and is reachable over the network without authentication.

An unauthenticated attacker who can reach port 443 on an affected SUSE Manager instance can exploit the issue to execute arbitrary commands as root on any connected client system, resulting in full compromise of confidentiality, integrity, and availability with a CVSS 4.0 score of 9.3.

The SUSE Bugzilla entry at https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46811 tracks the fix and lists the fixed versions that close the authorization gap. The EPSS score has held at 0.0607 since disclosure, with no material increase.


Vulnerability details

A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager to run any command as root on any client. This issue affects:

Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1
Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.87-150400.3.110.2
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.87-150400.3.110.2
SUSE Manager Server Module 4.3: from ? before 4.3.87-150400.3.110.2
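The version boundaries above are rpm-style version-release strings, and a plain string comparison gets them wrong (the release segment 9 sorts above 110 as text). The following Python is an added example, not code from this page or from SUSE: it reimplements rpm's version comparison (the rpmvercmp segment algorithm) and uses the fixed versions listed above to flag observed versions that are still below them. The page does not name the RPM package or say how the version is read from a live system, so the example takes version-release strings as input; the product keys, hostnames and observed versions in the inventory are constructed sample data.

```python
# Added example (not code from the page or from SUSE): rpm-style version
# comparison used to tell whether an observed SUSE Manager server version is
# still below the fixed version from the advisory. The fixed versions are the
# ones listed above; the inventory at the bottom is constructed sample data.

FIXED_VERSIONS = {
    "SUSE Manager Server Module 4.3": "4.3.87-150400.3.110.2",
    "Container suse/manager/5.0/x86_64/server": "5.0.27-150600.3.33.1",
}


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): -1 if a < b, 0 if equal, 1 if a > b.
    Digit segments compare numerically, letter segments lexically, a numeric
    segment beats an alphabetic one, '~' sorts before anything (pre-releases)
    and '^' sorts after the base version but before any other suffix."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Skip separators: anything that is not alphanumeric, '~' or '^'.
        while i < len(a) and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        a_tilde, b_tilde = i < len(a) and a[i] == "~", j < len(b) and b[j] == "~"
        if a_tilde or b_tilde:
            if a_tilde and b_tilde:
                i, j = i + 1, j + 1
                continue
            return -1 if a_tilde else 1  # the side with '~' is older
        a_caret, b_caret = i < len(a) and a[i] == "^", j < len(b) and b[j] == "^"
        if a_caret or b_caret:
            if a_caret and b_caret:
                i, j = i + 1, j + 1
                continue
            if a_caret:
                return 1 if j >= len(b) else -1  # '^' beats end of string only
            return -1 if i >= len(a) else 1
        if i >= len(a) or j >= len(b):
            break
        # Grab one all-digit or all-alpha segment from each side.
        is_num = a[i].isdigit()
        kind = str.isdigit if is_num else str.isalpha
        si, sj = i, j
        while i < len(a) and kind(a[i]):
            i += 1
        while j < len(b) and kind(b[j]):
            j += 1
        seg_a, seg_b = a[si:i], b[sj:j]
        if not seg_b:
            return 1 if is_num else -1  # numeric segment is newer than alpha
        if is_num:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):  # more digits means a bigger number
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    # Every segment matched; whichever side still has characters wins.
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def split_version_release(vr: str) -> tuple:
    """Split 'version-release' at the last '-' (rpm releases contain no '-')."""
    return tuple(vr.rsplit("-", 1)) if "-" in vr else (vr, "")


def compare_vr(observed: str, fixed: str) -> int:
    """Compare version-release strings: version first, release as tie-break."""
    ov, orel = split_version_release(observed)
    fv, frel = split_version_release(fixed)
    return rpmvercmp(ov, fv) or rpmvercmp(orel, frel)


def is_affected(product: str, observed: str) -> bool:
    """True when the observed version is strictly below the fixed one."""
    return compare_vr(observed, FIXED_VERSIONS[product]) < 0


# Constructed sample inventory: (hostname, product, observed version-release).
SAMPLE_INVENTORY = [
    ("suma-prod-01", "SUSE Manager Server Module 4.3", "4.3.86-150400.3.104.1"),
    ("suma-prod-02", "SUSE Manager Server Module 4.3", "4.3.87-150400.3.9.1"),
    ("suma-prod-03", "SUSE Manager Server Module 4.3", "4.3.87-150400.3.110.2"),
    ("suma-lab-01", "Container suse/manager/5.0/x86_64/server", "5.0.26-150600.3.30.1"),
    ("suma-lab-02", "Container suse/manager/5.0/x86_64/server", "5.0.30-150600.3.40.1"),
]


def vulnerable_hosts(inventory=SAMPLE_INVENTORY) -> list:
    """Hostnames whose observed version is below the fixed version."""
    return [host for host, product, ver in inventory if is_affected(product, ver)]
```

On a live system the version-release string would come from the installed package (for example rpm -q --qf '%{VERSION}-%{RELEASE}' against the package in question) or from the container image tag; the page does not name the package, so that lookup is left to the reader. Running vulnerable_hosts() on the sample inventory returns suma-prod-01, suma-prod-02 and suma-lab-01; suma-prod-02 is the case a text comparison would have marked as patched, because release 150400.3.9.1 sorts above 150400.3.110.2 lexically but below it numerically.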

CWE(s)

CWE-862 Missing Authorization

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Missing authorization in public-facing SUSE Manager server directly enables unauthenticated remote command execution (T1190) as root via Unix shell on managed clients (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2023-7317 (shared CWE-862)
CVE-2023-52163 (shared CWE-862)
CVE-2026-45209 (shared CWE-862)
CVE-2026-25026 (shared CWE-862)
CVE-2026-42083 (shared CWE-862)
CVE-2026-0656 (shared CWE-862)
CVE-2026-24532 (shared CWE-862)
CVE-2025-13603 (shared CWE-862)
CVE-2025-69063 (shared CWE-862)
CVE-2026-3045 (shared CWE-862)

Affected Assets

SUSE (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent)

Enforces approved authorizations for logical access to system resources, directly mitigating the missing authorization checks that enable unauthenticated root command execution on clients.

AC-14 Permitted Actions Without Identification or Authentication (prevent)

Limits and explicitly defines the actions permitted without identification or authentication, prohibiting unauthenticated users from performing privileged functions such as root command execution.

SI-2 Flaw Remediation (prevent)

Mandates timely identification, reporting, and correction of system flaws, which here means updating the affected SUSE Manager versions to the fixed releases listed above to eliminate the authorization bypass.

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46811