    4 vulnerabilities found for SUSE Manager Proxy LTS 4.3 by SUSE

    CVE-2026-41054 (GCVE-0-2026-41054)

    Vulnerability from nvd – Published: 2026-05-20 08:56 – Updated: 2026-06-05 11:06
    Title
    Missing exit out of permission check in haveged could lead to root exploit
    Summary
    In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it **fails to stop execution**. The code proceeds to the `switch` statement, allowing any local unprivileged user to execute privileged commands such as `MAGIC_CHROOT`.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-305 - Authentication Bypass by Primary Weakness
    Assigner
    Impacted products
    Vendor | Product | Version
    SUSE | Container suse/sle-micro-rancher/5.3:latest | Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE | Container suse/sle-micro-rancher/5.4:latest | Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE | Container suse/sle-micro/5.5:latest | Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE | Image SLES15-SP4-SAP-BYOS | Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE | Image SLES15-SP4-SAP-BYOS-Azure | Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE | Image SLES15-SP4-SAP-BYOS-EC2 | Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE | Image SLES15-SP4-SAP-BYOS-GCE | Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE | Image SLES15-SP4-SAP-Hardened | Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE | Image SLES15-SP4-SAP-Hardened-BYOS | Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE | Image SLES15-SP4-SAP-Hardened-BYOS-Azure | Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE | Image SLES15-SP4-SAP-Hardened-BYOS-EC2 | Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE | Image SLES15-SP4-SAP-Hardened-BYOS-GCE | Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE | Image SLES15-SP4-SAP-Hardened-GCE | Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE | SUSE Linux Enterprise Desktop 15 SP7 | Affected: ? , < 1.9.14-150600.11.6.1 (custom)
    SUSE | SUSE Linux Enterprise High Performance Computing 15 SP7 | Affected: ? , < 1.9.14-150600.11.6.1 (custom)
    SUSE | SUSE Linux Enterprise Module for Basesystem 15 SP7 | Affected: ? , < 1.9.14-150600.11.6.1 (custom)
    SUSE | SUSE Linux Enterprise Server 15 SP7 | Affected: ? , < 1.9.14-150600.11.6.1 (custom)
    SUSE | SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Affected: ? , < 1.9.14-150600.11.6.1 (custom)
    SUSE | SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE | SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE | SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS | Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE | SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE | SUSE Linux Enterprise Micro 5.3 | Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE | SUSE Linux Enterprise Micro 5.4 | Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE | SUSE Linux Enterprise Micro 5.5 | Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE | SUSE Linux Enterprise Server 15 SP4-LTSS | Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE | SUSE Linux Enterprise Server 15 SP5-LTSS | Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE | SUSE Linux Enterprise Server 15 SP6-LTSS | Affected: ? , < 1.9.14-150600.11.6.1 (custom)
    SUSE | SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE | SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE | SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Affected: ? , < 1.9.14-150600.11.6.1 (custom)
    SUSE | SUSE Manager Proxy LTS 4.3 | Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE | SUSE Manager Retail Branch Server LTS 4.3 | Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE | SUSE Manager Server LTS 4.3 | Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Credits
    Dirk Mueller of SUSE

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-05T11:06:34.200Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/19/3"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/19/4"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/19/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/20/1"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/21/17"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/22/1"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2026/06/msg00005.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41054",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-20T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-21T03:55:33.848Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Container suse/sle-micro-rancher/5.3:latest",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Container suse/sle-micro-rancher/5.3:latest",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Container suse/sle-micro-rancher/5.4:latest",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Container suse/sle-micro-rancher/5.4:latest",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Container suse/sle-micro/5.5:latest",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Container suse/sle-micro/5.5:latest",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Image SLES15-SP4-SAP-BYOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Image SLES15-SP4-SAP-BYOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Image SLES15-SP4-SAP-BYOS-Azure",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Image SLES15-SP4-SAP-BYOS-Azure",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Image SLES15-SP4-SAP-BYOS-EC2",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Image SLES15-SP4-SAP-BYOS-EC2",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Image SLES15-SP4-SAP-BYOS-GCE",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Image SLES15-SP4-SAP-BYOS-GCE",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Image SLES15-SP4-SAP-Hardened",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Image SLES15-SP4-SAP-Hardened",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Image SLES15-SP4-SAP-Hardened-BYOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Image SLES15-SP4-SAP-Hardened-BYOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Image SLES15-SP4-SAP-Hardened-BYOS-Azure",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Image SLES15-SP4-SAP-Hardened-BYOS-Azure",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Image SLES15-SP4-SAP-Hardened-BYOS-EC2",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Image SLES15-SP4-SAP-Hardened-BYOS-EC2",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Image SLES15-SP4-SAP-Hardened-BYOS-GCE",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Image SLES15-SP4-SAP-Hardened-BYOS-GCE",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Image SLES15-SP4-SAP-Hardened-GCE",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Image SLES15-SP4-SAP-Hardened-GCE",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Desktop 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise Desktop 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Desktop 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Server 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise Server 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Server 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Micro 5.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Micro 5.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Micro 5.4",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Micro 5.4",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Micro 5.5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Micro 5.5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Server 15 SP4-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise Server 15 SP4-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Server 15 SP4-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Server 15 SP5-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise Server 15 SP5-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Server 15 SP5-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Server 15 SP6-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise Server 15 SP6-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Server 15 SP6-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Manager Proxy LTS 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Manager Proxy LTS 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Manager Proxy LTS 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Manager Retail Branch Server LTS 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Manager Retail Branch Server LTS 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Manager Retail Branch Server LTS 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Manager Server LTS 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Manager Server LTS 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Manager Server LTS 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dirk Mueller of SUSE"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cpre\u003eIn `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it **fails to stop execution**. The code proceeds to the `switch` statement, allowing any local unprivileged user to execute privileged commands such as `MAGIC_CHROOT`.\u003c/pre\u003e\u003c/div\u003e"
                }
              ],
              "value": "In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it **fails to stop execution**. The code proceeds to the `switch` statement, allowing any local unprivileged user to execute privileged commands such as `MAGIC_CHROOT`."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-305",
                  "description": "CWE-305: Authentication Bypass by Primary Weakness",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T08:56:14.466Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-41054"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Missing exit out of permission check in haveged could lead to root exploit",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-41054",
        "datePublished": "2026-05-20T08:56:14.466Z",
        "dateReserved": "2026-04-16T13:37:50.680Z",
        "dateUpdated": "2026-06-05T11:06:34.200Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53880 (GCVE-0-2025-53880)

    Vulnerability from nvd – Published: 2025-10-30 10:31 – Updated: 2026-02-26 16:56
    Title
    susemanager-tftpsync-recv allows arbitrary file creation and deletion due to path traversal
    Summary
    A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list of allowed IP addresses.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Date Public
    2025-10-28 07:12
    Credits
    Paolo Perego of SUSE

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53880",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-31T03:55:25.918910Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:56:50.977Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "susemanager-tftpsync-recv",
              "product": "Container suse/manager/4.3/proxy-httpd:latest",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.11-150400.3.15.3",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "susemanager-tftpsync-recv",
              "product": "Container suse/manager/5.0/x86_64/proxy-httpd:latest",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "5.0.3-150600.3.6.4",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "susemanager-tftpsync-recv",
              "product": "Container suse/multi-linux-manager/5.1/x86_64/proxy-httpd:latest",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "5.1.3-150700.3.3.3",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "susemanager-tftpsync-recv",
              "product": "SUSE Manager Proxy LTS 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.11-150400.3.15.3",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Paolo Perego of SUSE"
            }
          ],
          "datePublic": "2025-10-28T07:12:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eA Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list of allowed IP addresses.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list of allowed IP addresses."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-35",
                  "description": "CWE-35: Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-30T10:33:26.970Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-53880"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "susemanager-tftpsync-recv allows arbitrary file creation and deletion due to path traversal",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2025-53880",
        "datePublished": "2025-10-30T10:31:15.866Z",
        "dateReserved": "2025-07-11T10:53:52.681Z",
        "dateUpdated": "2026-02-26T16:56:50.977Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-41054 (GCVE-0-2026-41054)

    Vulnerability from cvelistv5 – Published: 2026-05-20 08:56 – Updated: 2026-06-05 11:06
    Title
    Missing exit out of permission check in haveged could lead to root exploit
    Summary
    In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it **fails to stop execution**. The code proceeds to the `switch` statement, allowing any local unprivileged user to execute privileged commands such as `MAGIC_CHROOT`.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-305 - Authentication Bypass by Primary Weakness
    Assigner
    Impacted products
    Vendor Product Version
    SUSE Container suse/sle-micro-rancher/5.3:latest Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE Container suse/sle-micro-rancher/5.4:latest Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE Container suse/sle-micro/5.5:latest Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-BYOS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-BYOS-Azure Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-BYOS-EC2 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-BYOS-GCE Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-Hardened Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-Hardened-BYOS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-Hardened-BYOS-Azure Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-Hardened-BYOS-EC2 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-Hardened-BYOS-GCE Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-Hardened-GCE Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise Desktop 15 SP7 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP7 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise Module for Basesystem 15 SP7 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise Server 15 SP7 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP7 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise Micro 5.3 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE SUSE Linux Enterprise Micro 5.4 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE SUSE Linux Enterprise Micro 5.5 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE SUSE Linux Enterprise Server 15 SP4-LTSS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE SUSE Linux Enterprise Server 15 SP5-LTSS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE SUSE Linux Enterprise Server 15 SP6-LTSS Affected: ? , < 1.9.14-150600.11.6.1 (custom)
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP4 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP5 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP6 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
    SUSE SUSE Manager Proxy LTS 4.3 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE SUSE Manager Retail Branch Server LTS 4.3 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    SUSE SUSE Manager Server LTS 4.3 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Credits
    Dirk Mueller of SUSE

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-05T11:06:34.200Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/19/3"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/19/4"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/19/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/20/1"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/21/17"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/22/1"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2026/06/msg00005.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41054",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-20T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-21T03:55:33.848Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Container suse/sle-micro-rancher/5.3:latest",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Container suse/sle-micro-rancher/5.3:latest",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Container suse/sle-micro-rancher/5.4:latest",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Container suse/sle-micro-rancher/5.4:latest",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Container suse/sle-micro/5.5:latest",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Container suse/sle-micro/5.5:latest",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Image SLES15-SP4-SAP-BYOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Image SLES15-SP4-SAP-BYOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Image SLES15-SP4-SAP-BYOS-Azure",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Image SLES15-SP4-SAP-BYOS-Azure",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Image SLES15-SP4-SAP-BYOS-EC2",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Image SLES15-SP4-SAP-BYOS-EC2",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Image SLES15-SP4-SAP-BYOS-GCE",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Image SLES15-SP4-SAP-BYOS-GCE",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Image SLES15-SP4-SAP-Hardened",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Image SLES15-SP4-SAP-Hardened",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Image SLES15-SP4-SAP-Hardened-BYOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Image SLES15-SP4-SAP-Hardened-BYOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Image SLES15-SP4-SAP-Hardened-BYOS-Azure",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Image SLES15-SP4-SAP-Hardened-BYOS-Azure",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Image SLES15-SP4-SAP-Hardened-BYOS-EC2",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Image SLES15-SP4-SAP-Hardened-BYOS-EC2",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Image SLES15-SP4-SAP-Hardened-BYOS-GCE",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Image SLES15-SP4-SAP-Hardened-BYOS-GCE",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Image SLES15-SP4-SAP-Hardened-GCE",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Image SLES15-SP4-SAP-Hardened-GCE",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Desktop 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise Desktop 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Desktop 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Server 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise Server 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Server 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Micro 5.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Micro 5.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Micro 5.4",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Micro 5.4",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Micro 5.5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Micro 5.5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Server 15 SP4-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise Server 15 SP4-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Server 15 SP4-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Server 15 SP5-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise Server 15 SP5-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Server 15 SP5-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Server 15 SP6-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise Server 15 SP6-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Server 15 SP6-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Manager Proxy LTS 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Manager Proxy LTS 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Manager Proxy LTS 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Manager Retail Branch Server LTS 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Manager Retail Branch Server LTS 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Manager Retail Branch Server LTS 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Manager Server LTS 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Manager Server LTS 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Manager Server LTS 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dirk Mueller of SUSE"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cpre\u003eIn `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it **fails to stop execution**. The code proceeds to the `switch` statement, allowing any local unprivileged user to execute privileged commands such as `MAGIC_CHROOT`.\u003c/pre\u003e\u003c/div\u003e"
                }
              ],
              "value": "In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it **fails to stop execution**. The code proceeds to the `switch` statement, allowing any local unprivileged user to execute privileged commands such as `MAGIC_CHROOT`."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-305",
                  "description": "CWE-305: Authentication Bypass by Primary Weakness",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T08:56:14.466Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-41054"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Missing exit out of permission check in haveged could lead to root exploit",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-41054",
        "datePublished": "2026-05-20T08:56:14.466Z",
        "dateReserved": "2026-04-16T13:37:50.680Z",
        "dateUpdated": "2026-06-05T11:06:34.200Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53880 (GCVE-0-2025-53880)

    Vulnerability from cvelistv5 – Published: 2025-10-30 10:31 – Updated: 2026-02-26 16:56
    Title
    susemanager-tftpsync-recv allows arbitrary file creation and deletion due to path traversal
    Summary
    A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list of allowed IP addresses.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-35 - Path Traversal
    Assigner
    Date Public
    2025-10-28 07:12
    Credits
    Paolo Perego of SUSE

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53880",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-31T03:55:25.918910Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:56:50.977Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "susemanager-tftpsync-recv",
              "product": "Container suse/manager/4.3/proxy-httpd:latest",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.11-150400.3.15.3",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "susemanager-tftpsync-recv",
              "product": "Container suse/manager/5.0/x86_64/proxy-httpd:latest",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "5.0.3-150600.3.6.4",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "susemanager-tftpsync-recv",
              "product": "Container suse/multi-linux-manager/5.1/x86_64/proxy-httpd:latest",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "5.1.3-150700.3.3.3",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "susemanager-tftpsync-recv",
              "product": "SUSE Manager Proxy LTS 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.11-150400.3.15.3",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Paolo Perego of SUSE"
            }
          ],
          "datePublic": "2025-10-28T07:12:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eA Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list of allowed IP addresses.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list of allowed IP addresses."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-35",
                  "description": "CWE-35: Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-30T10:33:26.970Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-53880"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "susemanager-tftpsync-recv allows arbitrary file creation and deletion due to path traversal",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2025-53880",
        "datePublished": "2025-10-30T10:31:15.866Z",
        "dateReserved": "2025-07-11T10:53:52.681Z",
        "dateUpdated": "2026-02-26T16:56:50.977Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }