A critical vulnerability, CVE-2025-46811, in SUSE Manager allows unauthenticated attackers to execute arbitrary commands with root privileges, posing severe risks. The flaw, stemming from a missing authentication for the /rhn/websocket/minion/remote-commands endpoint, affects multiple versions of SUSE Manager across containers and cloud platforms. It has a CVSS score of 9.3, highlighting the need for immediate patching and heightened security measures.

‍