{"cve":{"cve_id":"CVE-2025-46811","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.10233,"epss_percentile":0.95074,"epss_as_of":"2026-06-23","description":"A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.87-150400.3.110.2; SUSE Manager Server Module 4.3: from ? before 4.3.87-150400.3.110.2.","published_at":"2025-07-30T14:20:53.828000Z","last_modified_at":null,"cvss_v3_score":9.8,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss_v3_severity":"CRITICAL","cvss_v4_score":9.3,"cvss_v4_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","cvss_v4_severity":"CRITICAL","ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-862"],"nvd_references":["https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46811"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:27:07.145922Z"},"effective_severity":"CRITICAL","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AT","name":"Attack Requirements","value":"N","value_label":"None"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"H","value_label":"High"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"N","value_label":"None"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"N","value_label":"None"},{"metric":"SA","name":"Availability (Subsequent System)","value":"N","value_label":"None"}]},"affected":[{"vendor_slug":"suse","vendor_name":"SUSE","product_slug":"container-suse-manager-5.0-x86-64-server-5.0.5.7.30.1","product_name":"Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1","version_start":"?","version_start_inclusive":true,"version_end":"5.0.27-150600.3.33.1","version_end_inclusive":false,"cpe23_uri":"cve5:suse:container-suse-manager-5.0-x86-64-server-5.0.5.7.30.1:?:5.0.27-150600.3.33.1"},{"vendor_slug":"suse","vendor_name":"SUSE","product_slug":"image-sles15-sp4-manager-server-4-3-byos","product_name":"Image SLES15-SP4-Manager-Server-4-3-BYOS","version_start":"?","version_start_inclusive":true,"version_end":"4.3.87-150400.3.110.2","version_end_inclusive":false,"cpe23_uri":"cve5:suse:image-sles15-sp4-manager-server-4-3-byos:?:4.3.87-150400.3.110.2"},{"vendor_slug":"suse","vendor_name":"SUSE","product_slug":"image-sles15-sp4-manager-server-4-3-byos-azure","product_name":"Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure","version_start":"?","version_start_inclusive":true,"version_end":"4.3.87-150400.3.110.2","version_end_inclusive":false,"cpe23_uri":"cve5:suse:image-sles15-sp4-manager-server-4-3-byos-azure:?:4.3.87-150400.3.110.2"},{"vendor_slug":"suse","vendor_name":"SUSE","product_slug":"image-sles15-sp4-manager-server-4-3-byos-ec2","product_name":"Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2","version_start":"?","version_start_inclusive":true,"version_end":"4.3.87-150400.3.110.2","version_end_inclusive":false,"cpe23_uri":"cve5:suse:image-sles15-sp4-manager-server-4-3-byos-ec2:?:4.3.87-150400.3.110.2"},{"vendor_slug":"suse","vendor_name":"SUSE","product_slug":"image-sles15-sp4-manager-server-4-3-byos-gce","product_name":"Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE","version_start":"?","version_start_inclusive":true,"version_end":"4.3.87-150400.3.110.2","version_end_inclusive":false,"cpe23_uri":"cve5:suse:image-sles15-sp4-manager-server-4-3-byos-gce:?:4.3.87-150400.3.110.2"},{"vendor_slug":"suse","vendor_name":"SUSE","product_slug":"suse-manager-server-module-4.3","product_name":"SUSE Manager Server Module 4.3","version_start":"?","version_start_inclusive":true,"version_end":"4.3.87-150400.3.110.2","version_end_inclusive":false,"cpe23_uri":"cve5:suse:suse-manager-server-module-4.3:?:4.3.87-150400.3.110.2"}],"exploit_refs":[],"news":[],"references":[{"url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46811","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2025-07-30T14:20:53.828000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:46:37.370372Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:46:37.370372Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:46:37.370372Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:46:37.370372Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:46:37.370372Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:46:37.370372Z","label":"CVSS score revised","source":"cvelistv5"}]}