{"id":59907,"date":"2025-08-06T00:03:52","date_gmt":"2025-08-06T00:03:52","guid":{"rendered":""},"modified":"2025-08-08T23:41:38","modified_gmt":"2025-08-09T05:41:38","slug":"cve-2025-46811-critical-missing-authentication-vulnerability-in-suse-manager","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-46811-critical-missing-authentication-vulnerability-in-suse-manager\/","title":{"rendered":"CVE-2025-46811: Critical Missing Authentication Vulnerability in SUSE Manager<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

In the ever-evolving landscape of cybersecurity, a new vulnerability has emerged that holds significant implications for systems running SUSE Manager. Identified as CVE-2025-46811, this vulnerability exposes a critical loophole in authentication for crucial system functions. It allows an attacker with access to a specific websocket to execute arbitrary commands as the root user, potentially compromising sensitive data or the entire system<\/a>.
\nThis vulnerability is particularly alarming due to its potential<\/a> wide reach and the severity of its implications. It affects various versions of SUSE Manager, including several container and image versions. Therefore, it is crucial for organizations running these systems to understand the vulnerability<\/a> and take immediate action to mitigate their risk.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-46811
\nSeverity: Critical, CVSS Score of 9.8
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: Potential system<\/a> compromise or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n