CVE-2025-46809: CWE-256: Plaintext Storage of a Password in SUSE Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1
A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects:
- Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2
- Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1: from ? before 5.0.14-150600.4.17.1
- Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.14-150600.4.17.1
- Image SLES15-SP4-Manager-Proxy-4-3-BYOS: from ? before 4.3.33-150400.3.55.2
- Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2
- Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2
- Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2
- Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.33-150400.3.55.2
- Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2
- Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2
- Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2
- SUSE Manager Proxy Module 4.3: from ? before 4.3.33-150400.3.55.2
- SUSE Manager Server Module 4.3: from ? before 4.3.33-150400.3.55.2
AI Analysis
Technical Summary
CVE-2025-46809 is a vulnerability identified in certain SUSE Manager container images and modules, specifically related to the plaintext storage of HTTP proxy credentials within log files. This vulnerability falls under CWE-256, which concerns the improper storage of sensitive information such as passwords in plaintext. The affected products include various versions of SUSE Manager Proxy and Server containers (e.g., suse/manager/4.3/proxy-httpd:4.3.16.9.67.1 and suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1) and related images for SLES15-SP4 Manager Proxy and Server across multiple cloud platforms (Azure, EC2, GCE). The issue is present in versions prior to 4.3.33-150400.3.55.2 for 4.3 releases and prior to 5.0.14-150600.4.17.1 for 5.0 releases. The vulnerability allows sensitive HTTP proxy credentials to be exposed in log files, which can be accessed by users or processes with read access to these logs. The CVSS 4.0 base score is 6.9 (medium severity), reflecting a network attack vector with low attack complexity but requiring privileges and user interaction. The vulnerability impacts confidentiality significantly (high impact on confidentiality), but does not affect integrity or availability. No known exploits are currently reported in the wild. The vulnerability requires an attacker to have some level of privileges (low) and user interaction, which may limit immediate exploitation but still poses a risk especially in multi-tenant or shared environments where log access is possible. This exposure could lead to credential theft, enabling further unauthorized access or lateral movement within affected environments.
Potential Impact
For European organizations using SUSE Manager containers and images, this vulnerability poses a risk of credential leakage that could compromise HTTP proxy authentication. Since SUSE Manager is widely used for managing Linux infrastructure, especially in enterprise and cloud environments, exposure of proxy credentials could allow attackers to bypass network controls, intercept or redirect traffic, or gain unauthorized access to internal resources. The impact is particularly critical in regulated industries such as finance, healthcare, and government sectors prevalent in Europe, where data confidentiality is paramount. Additionally, organizations leveraging cloud platforms (Azure, AWS EC2, Google Cloud) for their SUSE Manager deployments may face increased risk if logs are accessible to unauthorized users or if container isolation is not strictly enforced. The vulnerability could facilitate lateral movement or data exfiltration, undermining compliance with GDPR and other data protection regulations. Although the vulnerability does not directly affect system integrity or availability, the compromise of credentials can lead to broader security incidents with significant operational and reputational consequences.
Mitigation Recommendations
1. Immediate upgrade to the fixed versions of SUSE Manager containers and images is the most effective mitigation. Specifically, update to versions 4.3.33-150400.3.55.2 or later for 4.3 releases and 5.0.14-150600.4.17.1 or later for 5.0 releases.
2. Restrict access to log files containing proxy credentials by enforcing strict file permissions and access controls, limiting read access only to trusted administrators.
3. Implement log management solutions that redact or encrypt sensitive information before storage or transmission.
4. Use container security best practices such as running containers with the least privileges, isolating container logs, and monitoring for unusual access patterns to logs.
5. Rotate HTTP proxy credentials regularly and immediately after patching to invalidate any potentially exposed credentials.
6. Employ network segmentation and zero-trust principles to limit the impact of compromised proxy credentials.
7. Monitor security advisories from SUSE and related cloud providers for any updates or additional patches.
8. Conduct internal audits to identify any unauthorized access to logs or suspicious activities related to proxy authentication.
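For recommendations 3 and 8, the following added example (not SUSE's code and not part of the original advisory) redacts proxy credentials from log lines and reports which lines contained them. The advisory does not show the affected log format, so the two leak shapes matched here (URL userinfo and a `Proxy-Authorization` header) and the sample lines are assumptions.

```python
import re

# Assumed leak shapes (the advisory does not show the affected log lines):
#   1. userinfo embedded in a proxy URL: scheme://user:password@host
#   2. a Proxy-Authorization header value
URL_USERINFO = re.compile(
    r"(?P<scheme>\b[a-z][a-z0-9+.-]*://)(?P<user>[^\s:/@]+):(?P<pw>[^\s/@]+)@",
    re.I,
)
PROXY_AUTH = re.compile(
    r"(?P<hdr>Proxy-Authorization:\s*\w+\s+)(?P<tok>[^\s'\"]+)", re.I
)
MASK = "[REDACTED]"


def redact_line(line):
    """Return (redacted_line, number_of_secrets_masked)."""
    # Keep the user name for traceability, mask only the password.
    line, n_url = URL_USERINFO.subn(
        lambda m: f"{m['scheme']}{m['user']}:{MASK}@", line
    )
    # Keep the auth scheme (Basic, Digest, ...), mask the token.
    line, n_hdr = PROXY_AUTH.subn(lambda m: f"{m['hdr']}{MASK}", line)
    return line, n_url + n_hdr


def audit(lines):
    """Redact every line; findings are (line_number, secrets_masked) pairs."""
    clean, findings = [], []
    for number, line in enumerate(lines, 1):
        redacted, count = redact_line(line)
        clean.append(redacted)
        if count:
            findings.append((number, count))
    return clean, findings


# Constructed sample input, not taken from a real SUSE Manager log.
SAMPLE = [
    "2025-07-31 10:00:01 INFO using proxy http://svc-proxy:S3cr3t!@proxy.example.internal:3128",
    "2025-07-31 10:00:02 DEBUG request headers: Proxy-Authorization: Basic c3ZjOnB3",
    "2025-07-31 10:00:03 INFO sync finished for channel sles15-sp4",
    "2025-07-31 10:00:04 INFO fetched https://updates.example.internal/repo/index.xml",
]

if __name__ == "__main__":
    clean, findings = audit(SAMPLE)
    print("\n".join(clean))
    print("lines with credentials:", findings)
```

A non-empty findings list means the credential has already been written to disk, so redaction must be paired with the rotation in recommendation 5. Passwords containing an unescaped `@` or `/` are only partially masked by this pattern.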
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Switzerland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: suse
- Date Reserved: 2025-04-30T11:28:04.728Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 688b8c9ead5a09ad00b92639
Added to database: 7/31/2025, 3:32:46 PM
Last enriched: 9/4/2025, 12:42:45 AM
Last updated: 9/13/2025, 9:00:20 PM