CVE-2025-46811

CRITICAL

SUSE Linux Manager <5.0.27 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-46811. PoCs published by wjmaj98, b-L-x.

AI-analyzed exploit summary This exploit leverages a WebSocket vulnerability in SUSE Manager/Uyuni to execute a reverse shell payload on a selected minion. It establishes a WebSocket connection, retrieves a list of minions, and sends a crafted command to achieve remote code execution.

Description

A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.87-150400.3.110.2; SUSE Manager Server Module 4.3: from ? before 4.3.87-150400.3.110.2.

Exploits (2)

exploitdb WORKING POC

by wjmaj98 · pythonwebappsmultiple

https://www.exploit-db.com/exploits/52527

View Code ZIP pw:eip

This exploit leverages a WebSocket vulnerability in SUSE Manager/Uyuni to execute a reverse shell payload on a selected minion. It establishes a WebSocket connection, retrieves a list of minions, and sends a crafted command to achieve remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: SUSE Manager 4.3.15, SUSE Manager 5.0.4, Uyuni 2025.05

No auth needed

Prerequisites: WebSocket endpoint accessible · network connectivity to attacker's listener

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed May 09, 2026 Full analysis →

nomisec WORKING POC

by b-L-x · poc

https://github.com/b-L-x/CVE-2025-46811

View Code ZIP pw:eip

This repository contains a Python-based exploit for CVE-2025-46811, targeting SUSE Manager via a WebSocket vulnerability. It includes both scanning and interactive shell capabilities for remote command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: SUSE Manager (version not specified)

No auth needed

Prerequisites: Network access to the target's WebSocket endpoint · Python 3.8+ environment

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1102 - Web Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Issue Tracking

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46811

Scores

CVSS v3 9.8

EPSS 0.0172

EPSS Percentile 74.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-862

Status published

Products (6)

SUSE/Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1 ? - 5.0.27-150600.3.33.1

SUSE/Image SLES15-SP4-Manager-Server-4-3-BYOS ? - 4.3.87-150400.3.110.2

SUSE/Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure ? - 4.3.87-150400.3.110.2

SUSE/Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 ? - 4.3.87-150400.3.110.2

SUSE/Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE ? - 4.3.87-150400.3.110.2

SUSE/SUSE Manager Server Module 4.3 ? - 4.3.87-150400.3.110.2

Published Jul 30, 2025

Tracked Since Feb 18, 2026