CVE-2025-46802

Summary

For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session.

Affected Software

VendorProductVersion RangeStatus
SUSESUSE Linux Enterprise Micro 5.3? < 4.6.2-150000.5.8.1affected
SUSESUSE Linux Enterprise Micro 5.4? < 4.6.2-150000.5.8.1affected
SUSESUSE Linux Enterprise Micro 5.5? < 4.6.2-150000.5.8.1affected
SUSESUSE Linux Enterprise Module for Basesystem 15 SP6? < 4.6.2-150000.5.8.1affected
SUSESUSE Linux Enterprise Server 15 SP6? < 4.6.2-150000.5.8.1affected
SUSESUSE Linux Enterprise Desktop 15 SP6? < 4.6.2-150000.5.8.1affected
SUSESUSE Linux Enterprise Server for SAP Applications 15 SP6? < 4.6.2-150000.5.8.1affected
SUSESUSE Linux Enterprise High Performance Computing 15 SP6? < 4.6.2-150000.5.8.1affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References