CVE-2025-46811
Published: 30 July 2025
Summary
CVE-2025-46811 is a critical-severity Missing Authorization (CWE-862) vulnerability in SUSE Linux Manager (product inferred from references). Its CVSS base score is 9.3 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 9.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2025-46811 is a missing authorization vulnerability, tracked under CWE-862, that affects SUSE Linux Manager. It impacts the Container suse/manager/5.0/x86_64/server from versions before 5.0.27-150600.3.33.1, multiple SLES15-SP4-Manager-Server-4-3 images before 4.3.87-150400.3.110.2, and SUSE Manager Server Module 4.3 before 4.3.87-150400.3.110.2. The flaw resides in the server component and permits unauthorized access over the network.
An unauthenticated attacker who can reach port 443 on an affected SUSE Manager instance can exploit the issue to execute arbitrary commands as root on any connected client system, resulting in full compromise of confidentiality, integrity, and availability with a CVSS 4.0 score of 9.3.
The SUSE Bugzilla advisory at https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46811 identifies the fixed versions that close the authorization gap. The associated EPSS score has remained flat at 0.0607 (its peak to date), with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-23155
Vulnerability details
A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.87-150400.3.110.2; SUSE Manager Server Module 4.3: from ? before 4.3.87-150400.3.110.2.
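The affected ranges above are all "before a fixed version" comparisons on RPM-style version-release strings. The following added example (not code from the page or from SUSE) shows how a defender can turn that list into an inventory check: it implements a simplified rpmvercmp (numeric and alphabetic segments, no tilde/caret handling, which is an assumption that holds for the versions listed here), splits version and release at the "-", and flags any inventory entry older than the fixed version. The product names and fixed versions come from the page; the inventory lines are constructed sample data, and the tab-separated "product<TAB>version" format is an assumption rather than the output of any real tool.

```python
import re

# Fixed versions as listed on the page; anything older is in the affected range.
FIXED_VERSIONS = {
    "Container suse/manager/5.0/x86_64/server": "5.0.27-150600.3.33.1",
    "Image SLES15-SP4-Manager-Server-4-3-BYOS": "4.3.87-150400.3.110.2",
    "Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure": "4.3.87-150400.3.110.2",
    "Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2": "4.3.87-150400.3.110.2",
    "Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE": "4.3.87-150400.3.110.2",
    "SUSE Manager Server Module 4.3": "4.3.87-150400.3.110.2",
}

# A segment is a run of digits or a run of letters; separators are ignored.
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Simplified rpmvercmp: return -1, 0 or 1 for a < b, a == b, a > b.

    Assumption: no tilde/caret semantics; numeric segments compare as integers,
    alphabetic segments compare lexically, and a numeric segment is newer than
    an alphabetic one (as in rpm).
    """
    if a == b:
        return 0
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x_num != y_num:
            return 1 if x_num else -1
        elif x != y:
            return -1 if x < y else 1
    if len(seg_a) == len(seg_b):
        return 0
    # Whichever string still has segments left is the newer one.
    return 1 if len(seg_a) > len(seg_b) else -1


def evr_cmp(a: str, b: str) -> int:
    """Compare two 'version-release' strings: version first, then release."""
    a_ver, _, a_rel = a.partition("-")
    b_ver, _, b_rel = b.partition("-")
    result = rpmvercmp(a_ver, b_ver)
    return result if result else rpmvercmp(a_rel, b_rel)


def is_affected(product: str, installed: str) -> bool:
    """True when the installed version is older than the fixed version for that product."""
    fixed = FIXED_VERSIONS.get(product)
    if fixed is None:
        raise KeyError(f"no fixed version known for product: {product}")
    return evr_cmp(installed, fixed) < 0


def check_inventory(lines):
    """Scan 'product<TAB>version' lines (assumed format) and return the affected ones.

    Unknown products are reported separately rather than silently passed.
    """
    affected, unknown = [], []
    for line in lines:
        line = line.strip()
        if not line or "\t" not in line:
            continue
        product, version = line.split("\t", 1)
        if product not in FIXED_VERSIONS:
            unknown.append(product)
            continue
        if is_affected(product, version.strip()):
            affected.append((product, version.strip()))
    return affected, unknown


# Constructed sample inventory: two hosts behind the fix, two at or past it, one unknown.
SAMPLE_INVENTORY = [
    "SUSE Manager Server Module 4.3\t4.3.86-150400.3.100.1",
    "SUSE Manager Server Module 4.3\t4.3.87-150400.3.110.2",
    "Container suse/manager/5.0/x86_64/server\t5.0.26-150600.3.30.1",
    "Container suse/manager/5.0/x86_64/server\t5.0.28-150600.3.35.1",
    "Some Other Product\t1.0-1",
]

if __name__ == "__main__":
    found, unknown = check_inventory(SAMPLE_INVENTORY)
    for product, version in found:
        print(f"AFFECTED: {product} {version} < {FIXED_VERSIONS[product]}")
    for product in unknown:
        print(f"UNKNOWN PRODUCT (review manually): {product}")
```

The release part matters: 4.3.87-150400.3.110.1 is still in the affected range even though its version segment matches the fix, so a check that compares only the leading "4.3.87" would report a false negative.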
- CWE(s): CWE-862 (Missing Authorization)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Missing authorization in the public-facing SUSE Manager server directly enables unauthenticated remote command execution (T1190), which runs as root through a Unix shell on the managed clients (T1059.004).
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): enforces approved authorizations for logical access to system resources, directly mitigating the missing authorization checks that enable unauthenticated root command execution on clients.
- AC-14 (Permitted Actions Without Identification or Authentication): limits and explicitly defines permitted actions without identification or authentication, prohibiting unauthenticated users from performing privileged functions such as root command execution.
- SI-2 (Flaw Remediation): mandates timely identification, reporting, and correction of system flaws, enabling patching of the vulnerable SUSE Linux Manager versions to eliminate the authorization bypass.