Critical SUSE Manager Vulnerability Allows Remote Command Execution as Root

A critical security vulnerability has been discovered in SUSE Manager that enables attackers to execute arbitrary commands with root privileges without any authentication.

The flaw, designated as CVE-2025-46811, represents a severe threat to organizations using affected SUSE Manager deployments and has been assigned a critical CVSS score of 9.3.

Vulnerability Overview

The vulnerability stems from a missing authentication mechanism for a critical function within SUSE Manager’s websocket interface.

Specifically, the flaw allows anyone with network access to the /rhn/websocket/minion/remote-commands endpoint to execute arbitrary commands as the root user.

This represents a complete compromise of system security, as root access provides unlimited control over the affected server.

The vulnerability affects multiple versions of SUSE Manager, including Container versions 5.0.5.7.30.1, various SLES15-SP4-Manager-Server images, and SUSE Manager Server Module 4.3.

The widespread nature of the affected systems amplifies the potential impact across enterprise environments where SUSE Manager is commonly deployed for system administration and configuration management.

This authentication bypass vulnerability poses an immediate and critical threat to affected systems. The CVSS 4.0 base score of 9.3 reflects the severity of the flaw, with high impact ratings across confidentiality, integrity, and availability vectors.

Attackers require no special privileges or user interaction to exploit this vulnerability, making it particularly dangerous.

The websocket endpoint’s exposure without proper authentication controls creates a direct pathway for remote code execution.

Malicious actors could potentially install backdoors, steal sensitive data, modify system configurations, or use compromised systems as launching points for lateral movement within corporate networks.

The vulnerability impacts multiple SUSE Manager configurations, including containerized deployments and various cloud platform images for Azure, EC2, and Google Cloud Engine.

Organizations should immediately identify all SUSE Manager instances in their environments and prioritize patching efforts.

SUSE has released security updates addressing this vulnerability. Organizations must upgrade to the latest patched versions immediately and implement network-level controls to restrict access to the websocket endpoint until patches can be applied.

Given the critical nature of this vulnerability and the ease of exploitation, this should be treated as an emergency security response requiring immediate action across all affected systems.

Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates!