Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-46811 PoC — SUSE Multi Linux Manager allows code execution via unprotected websocket endpoint

Source
https://github.com/b-L-x/CVE-2025-46811
Associated Vulnerability
Title:SUSE Multi Linux Manager allows code execution via unprotected websocket endpoint (CVE-2025-46811)
Description:A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.87-150400.3.110.2; SUSE Manager Server Module 4.3: from ? before 4.3.87-150400.3.110.2.
Description
CVE-2025-46811
Readme
<h1 align="center">SUSE Manager Exploit Toolkit</h1>
<div align="center">
  <strong>CVE-CVE-2025-46811 Scanner & Exploiter</strong><br/>
  <img src="https://img.shields.io/badge/Python-3.8+-blue.svg" alt="Python"/>
  <img src="https://img.shields.io/badge/License-MIT-green.svg" alt="License"/>
</div>

<h2>🚀 Features</h2>
<ul>
  <li>Multi-threaded vulnerability scanning</li>
  <li>Interactive root shell via WebSocket</li>
  <li>Single command execution mode</li>
  <li>Colored debug output</li>
  <li>Batch processing of targets</li>
</ul>

<h2>📦 Installation</h2>
<pre><code>git clone https://github.com/yourusername/suse-manager-exploit.git
cd suse-manager-exploit
pip install -r requirements.txt</code></pre>

<h2>🛠 Usage</h2>
<h3>Scan Mode</h3>
<pre><code>python3 exploit.py scan -i targets.txt -o vulnerable.txt --debug</code></pre>

<h3>Exploit Mode</h3>
<pre><code># Single command
python3 exploit.py exploit 10.0.0.5 -c "cat /etc/passwd"

# Interactive shell
python3 exploit.py exploit vulnerable.com --debug</code></pre>

<h2>🎯 Screenshot</h2>
<img src="screenshot.png" alt="Interactive Shell Demo" width="600"/>

<h2>⚙ Technical Details</h2>
<table>
  <tr>
    <th>Component</th>
    <th>Description</th>
  </tr>
  <tr>
    <td>WebSocket Endpoint</td>
    <td><code>/rhn/websocket/minion/remote-commands</code></td>
  </tr>
  <tr>
    <td>Vulnerability Check</td>
    <td>Verifies root command execution via <code>id</code></td>
  </tr>
  <tr>
    <td>SSL Handling</td>
    <td>Bypasses certificate verification</td>
  </tr>
</table>

<h2>⚠ Disclaimer</h2>
<p><em>This tool is for authorized penetration testing and educational purposes only. Usage against systems without prior permission is illegal.</em></p>

<h2>📜 License</h2>
<p>MIT - Copyright (c) 2023</p>
File Snapshot

 [4.0K]  /data/pocs/cc114c7fcf315fc55883d686fdf70f904400a85d
├── [6.6K]  CVE-2025-46811.py
├── [1.6K]  CVE-2025-46811.yaml
├── [ 535]  ip.txt
├── [1.0K]  LICENSE
├── [1.8K]  README.md
└── [ 72K]  screenshot.png

0 directories, 6 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →