CVE-2025-46802
MEDIUMSUSE Linux Enterprise Micro 5.3-5.5 and Module for Basesystem 15 SP6 - Unauthenticated PTY Permission Assignment
Title source: llmDescription
For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session.
References (2)
Core 2
Core References
Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46802
Scores
CVSS v3
6.0
EPSS
0.0019
EPSS Percentile
8.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-732
Status
published
Products (8)
SUSE/SUSE Linux Enterprise Desktop 15 SP6
? - 4.6.2-150000.5.8.1
SUSE/SUSE Linux Enterprise High Performance Computing 15 SP6
? - 4.6.2-150000.5.8.1
SUSE/SUSE Linux Enterprise Micro 5.3
? - 4.6.2-150000.5.8.1
SUSE/SUSE Linux Enterprise Micro 5.4
? - 4.6.2-150000.5.8.1
SUSE/SUSE Linux Enterprise Micro 5.5
? - 4.6.2-150000.5.8.1
SUSE/SUSE Linux Enterprise Module for Basesystem 15 SP6
? - 4.6.2-150000.5.8.1
SUSE/SUSE Linux Enterprise Server 15 SP6
? - 4.6.2-150000.5.8.1
SUSE/SUSE Linux Enterprise Server for SAP Applications 15 SP6
? - 4.6.2-150000.5.8.1
Published
May 26, 2025
Tracked Since
Feb 18, 2026