SUSE Multi Linux Manager has unprotected websocket endpoint

July 30, 2025 invoker category_cve

CVE Details

Basic Information

Title SUSE Multi Linux Manager has unprotected websocket endpoint
Type cve
Published 2025-07-30T14:20:53.828Z
Modified 2025-07-30T14:21:49.596Z

Product Information

Vendor SUSE
Product Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1
Version ?

CVSS Information

Base Score 9.8 (CRITICAL)
Attack Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

  • SUSE Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1 ?
  • SUSE Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1 ?
  • SUSE Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1 ?
  • SUSE Image SLES15-SP4-Manager-Server-4-3-BYOS ?
  • SUSE Image SLES15-SP4-Manager-Server-4-3-BYOS ?
  • SUSE Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure ?
  • SUSE Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure ?
  • SUSE Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 ?
  • SUSE Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 ?
  • SUSE Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE ?
  • SUSE Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE ?
  • SUSE SUSE Manager Server Module 4.3 ?
  • SUSE SUSE Manager Server Module 4.3 ?
  • SUSE SUSE Manager Server Module 4.3 ?

Additional Information

CWE List CWE-306
Source suse

Description

A Missing Authentication for Critical Function vulnerability in SUSE Manager allows anyone with access to the websocket at /rhn/websocket/minion/remote-commands to execute arbitrary commands as root.

This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 0.3.7-150600.3.6.2; Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.14-150600.4.17.1; Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.14-150600.4.17.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; SUSE Manager Server Module 4.3: from ? before 0.3.7-150400.3.39.4; SUSE Manager Server Module 4.3: from ? before 4.3.33-150400.3.55.2; SUSE Manager Server Module 4.3: from ? before 4.3.33-150400.3.55.2.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.