CVE-2025-46802: Vulnerability in SUSE Linux Enterprise Micro 5.3

Severity: Medium
Published: Mon May 26 2025 (05/26/2025, 15:10:38 UTC)
Source: CVE
Vendor/Project: SUSE
Product: SUSE Linux Enterprise Micro 5.3

Description

For a short time the PTY is set to mode 666, allowing any user on the system to connect to the screen session.

AI-Powered Analysis

Last updated: 07/11/2025, 11:31:40 UTC

Technical Analysis

CVE-2025-46802 is a vulnerability identified in SUSE Linux Enterprise Micro 5.3, where a pseudo-terminal (PTY) device is temporarily set to mode 666 (read and write for owner, group, and others). During that window any user on the system can connect to an active screen session (the GNU screen terminal multiplexer). PTY devices normally carry restrictive permissions that keep other users from opening them; the brief 666 mode removes that protection and creates an opportunity for session hijacking or privilege escalation. The vulnerability is classified under CWE-732 (Incorrect Permission Assignment for Critical Resource). The CVSS v3.1 base score is 6.0 (medium severity), with vector AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N: the attack requires local access, high attack complexity, low privileges, and user interaction, and results in high confidentiality and integrity impact without affecting availability. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability affects SUSE Linux Enterprise Micro 5.3, a lightweight Linux distribution designed for containerized and microservice environments, often used in edge computing and IoT scenarios. The temporary window of permissive PTY permissions could allow local users to intercept or manipulate terminal sessions, potentially leading to unauthorized data access or command execution within the session context.

Potential Impact

For European organizations, this vulnerability poses a significant risk in environments where SUSE Linux Enterprise Micro 5.3 is deployed, particularly in edge computing, IoT, or containerized infrastructure. Unauthorized access to screen sessions can lead to exposure of sensitive information, including credentials or confidential data displayed or entered during the session. Integrity of the session can be compromised, allowing attackers to inject commands or manipulate running processes. Although the attack requires local access and user interaction, the impact on confidentiality and integrity is high, which is critical for sectors handling sensitive data such as finance, healthcare, and critical infrastructure. The vulnerability could also be leveraged in multi-tenant environments or shared hosting scenarios common in cloud services, increasing the risk of lateral movement or privilege escalation within organizational networks.

Mitigation Recommendations

Organizations should implement strict access controls to limit local user accounts and monitor user activities on systems running SUSE Linux Enterprise Micro 5.3. Until an official patch is released, administrators can mitigate risk by restricting access to terminal sessions and PTY devices through mandatory access control frameworks like SELinux or AppArmor, configuring them to prevent unauthorized PTY access. Regular auditing of PTY device permissions and session logs can help detect anomalous behavior. Employing multi-factor authentication for local access and minimizing the number of users with shell access reduces the attack surface. Additionally, isolating critical workloads and using container security best practices can limit the impact of potential exploitation. Organizations should stay alert for official patches or updates from SUSE and apply them promptly once available.
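As an added check for the PTY permission auditing step above (this script is not from the advisory, from SUSE, or from the screen project), a POSIX sh function that flags any device under /dev/pts whose "other" permission bits grant read or write access, which is what a PTY left at mode 666 looks like. It assumes GNU coreutils `stat` and takes an optional directory argument so it can be exercised on a scratch directory:

```shell
#!/bin/sh
# Added audit helper, not part of the advisory or of SUSE's tooling.
# Reports PTY slave devices whose "other" permission bits grant read or
# write access (a PTY at mode 666 is flagged; the usual 620 is not).
# Assumes GNU coreutils stat (-c). The directory argument exists so the
# check can be exercised on a scratch directory; it defaults to /dev/pts.
audit_pty_perms() {
    dir="${1:-/dev/pts}"
    status=0
    for dev in "$dir"/*; do
        [ -e "$dev" ] || continue
        # ptmx is the multiplexer device, not a session's slave PTY
        case "$dev" in */ptmx) continue ;; esac
        mode=$(stat -c '%a' "$dev") || continue
        # stat prints octal without leading zeros; the last digit is the
        # "other" class, where bit 4 is read and bit 2 is write.
        other=$(( mode % 10 ))
        if [ $(( other & 6 )) -ne 0 ]; then
            owner=$(stat -c '%U' "$dev")
            printf 'WORLD-ACCESSIBLE %s mode=%s owner=%s\n' "$dev" "$mode" "$owner"
            status=1
        fi
    done
    # Exit status 0: every device checked out; 1: at least one finding
    return $status
}
```

Because the permissive window is short, a single scan can easily miss it; run the check frequently (for example from a timer) and treat any hit as a signal to inspect the owning session rather than as proof that nothing else happened.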

Technical Details

Data Version: 5.1
Assigner Short Name: suse
Date Reserved: 2025-04-30T11:28:04.727Z
CISA Enriched: false
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 683487800acd01a249288783

Added to database: 5/26/2025, 3:23:44 PM

Last enriched: 7/11/2025, 11:31:40 AM

Last updated: 7/30/2025, 8:36:42 PM
