{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2025-53880","title":"Title"},{"category":"description","text":"A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list of allowed IP addresses.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2025-53880","url":"https://www.suse.com/security/cve/CVE-2025-53880"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1246277 for CVE-2025-53880","url":"https://bugzilla.suse.com/1246277"},{"category":"external","summary":"Advisory link for SUSE-SU-2025:3825-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2025-October/023069.html"},{"category":"external","summary":"Advisory link for SUSE-SU-2025:3826-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2025-October/023068.html"},{"category":"external","summary":"Advisory link for SUSE-SU-2025:3827-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2025-October/023067.html"},{"category":"external","summary":"Advisory link for SUSE-SU-2025:3839-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2025-October/023074.html"}],"title":"SUSE CVE CVE-2025-53880","tracking":{"current_release_date":"2025-11-19T00:24:10Z","generator":{"date":"2025-10-29T00:24:08Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2025-53880","initial_release_date":"2025-10-29T00:24:08Z","revision_history":[{"date":"2025-10-29T00:24:08Z","number":"2","summary":"Current version"},{"date":"2025-10-31T00:24:24Z","number":"3","summary":"Current version"},{"date":"2025-11-19T00:24:10Z","number":"4","summary":"Current version"}],"status":"interim","version":"4"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Manager Proxy LTS 4.3","product":{"name":"SUSE Manager Proxy LTS 4.3","product_id":"SUSE Manager Proxy LTS 4.3","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-proxy-lts:4.3"}}},{"category":"product_name","name":"SUSE Manager Retail Branch Server LTS 4.3","product":{"name":"SUSE Manager Retail Branch Server LTS 4.3","product_id":"SUSE Manager Retail Branch Server LTS 4.3","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-retail-branch-server-lts:4.3"}}},{"category":"product_name","name":"SUSE Manager Server LTS 4.3","product":{"name":"SUSE Manager Server LTS 4.3","product_id":"SUSE Manager Server LTS 4.3","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-server-lts:4.3"}}},{"category":"product_version","name":"python3-rhnlib-4.3.7-150400.3.9.4","product":{"name":"python3-rhnlib-4.3.7-150400.3.9.4","product_id":"python3-rhnlib-4.3.7-150400.3.9.4","product_identification_helper":{"purl":"pkg:rpm/suse/python3-rhnlib@4.3.7-150400.3.9.4?upstream=rhnlib-4.3.7-150400.3.9.4.src.rpm"}}},{"category":"product_version","name":"release-notes-susemanager-4.3.16.1-150400.3.143.2","product":{"name":"release-notes-susemanager-4.3.16.1-150400.3.143.2","product_id":"release-notes-susemanager-4.3.16.1-150400.3.143.2","product_identification_helper":{"purl":"pkg:rpm/suse/release-notes-susemanager@4.3.16.1-150400.3.143.2?upstream=release-notes-susemanager-4.3.16.1-150400.3.143.2.src.rpm"}}},{"category":"product_version","name":"release-notes-susemanager-proxy-4.3.16.1-150400.3.101.2","product":{"name":"release-notes-susemanager-proxy-4.3.16.1-150400.3.101.2","product_id":"release-notes-susemanager-proxy-4.3.16.1-150400.3.101.2","product_identification_helper":{"purl":"pkg:rpm/suse/release-notes-susemanager-proxy@4.3.16.1-150400.3.101.2?upstream=release-notes-susemanager-proxy-4.3.16.1-150400.3.101.2.src.rpm"}}},{"category":"product_version","name":"spacewalk-backend-4.3.34-150400.3.58.6","product":{"name":"spacewalk-backend-4.3.34-150400.3.58.6","product_id":"spacewalk-backend-4.3.34-150400.3.58.6","product_identification_helper":{"purl":"pkg:rpm/suse/spacewalk-backend@4.3.34-150400.3.58.6?upstream=spacewalk-backend-4.3.34-150400.3.58.6.src.rpm"}}},{"category":"product_version","name":"spacewalk-base-minimal-4.3.46-150400.3.63.5","product":{"name":"spacewalk-base-minimal-4.3.46-150400.3.63.5","product_id":"spacewalk-base-minimal-4.3.46-150400.3.63.5","product_identification_helper":{"purl":"pkg:rpm/suse/spacewalk-base-minimal@4.3.46-150400.3.63.5?upstream=spacewalk-web-4.3.46-150400.3.63.5.src.rpm"}}},{"category":"product_version","name":"spacewalk-base-minimal-config-4.3.46-150400.3.63.5","product":{"name":"spacewalk-base-minimal-config-4.3.46-150400.3.63.5","product_id":"spacewalk-base-minimal-config-4.3.46-150400.3.63.5","product_identification_helper":{"purl":"pkg:rpm/suse/spacewalk-base-minimal-config@4.3.46-150400.3.63.5?upstream=spacewalk-web-4.3.46-150400.3.63.5.src.rpm"}}},{"category":"product_version","name":"susemanager-build-keys-15.4.11-150400.3.38.1","product":{"name":"susemanager-build-keys-15.4.11-150400.3.38.1","product_id":"susemanager-build-keys-15.4.11-150400.3.38.1","product_identification_helper":{"purl":"pkg:rpm/suse/susemanager-build-keys@15.4.11-150400.3.38.1?upstream=susemanager-build-keys-15.4.11-150400.3.38.1.src.rpm"}}},{"category":"product_version","name":"susemanager-build-keys-web-15.4.11-150400.3.38.1","product":{"name":"susemanager-build-keys-web-15.4.11-150400.3.38.1","product_id":"susemanager-build-keys-web-15.4.11-150400.3.38.1","product_identification_helper":{"purl":"pkg:rpm/suse/susemanager-build-keys-web@15.4.11-150400.3.38.1?upstream=susemanager-build-keys-15.4.11-150400.3.38.1.src.rpm"}}},{"category":"product_version","name":"susemanager-tftpsync-recv-4.3.11-150400.3.15.3","product":{"name":"susemanager-tftpsync-recv-4.3.11-150400.3.15.3","product_id":"susemanager-tftpsync-recv-4.3.11-150400.3.15.3","product_identification_helper":{"purl":"pkg:rpm/suse/susemanager-tftpsync-recv@4.3.11-150400.3.15.3?upstream=susemanager-tftpsync-recv-4.3.11-150400.3.15.3.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"python3-rhnlib-4.3.7-150400.3.9.4 as component of SUSE Manager Proxy LTS 4.3","product_id":"SUSE Manager Proxy LTS 4.3:python3-rhnlib-4.3.7-150400.3.9.4"},"product_reference":"python3-rhnlib-4.3.7-150400.3.9.4","relates_to_product_reference":"SUSE Manager Proxy LTS 4.3"},{"category":"default_component_of","full_product_name":{"name":"release-notes-susemanager-proxy-4.3.16.1-150400.3.101.2 as component of SUSE Manager Proxy LTS 4.3","product_id":"SUSE Manager Proxy LTS 4.3:release-notes-susemanager-proxy-4.3.16.1-150400.3.101.2"},"product_reference":"release-notes-susemanager-proxy-4.3.16.1-150400.3.101.2","relates_to_product_reference":"SUSE Manager Proxy LTS 4.3"},{"category":"default_component_of","full_product_name":{"name":"spacewalk-backend-4.3.34-150400.3.58.6 as component of SUSE Manager Proxy LTS 4.3","product_id":"SUSE Manager Proxy LTS 4.3:spacewalk-backend-4.3.34-150400.3.58.6"},"product_reference":"spacewalk-backend-4.3.34-150400.3.58.6","relates_to_product_reference":"SUSE Manager Proxy LTS 4.3"},{"category":"default_component_of","full_product_name":{"name":"spacewalk-base-minimal-4.3.46-150400.3.63.5 as component of SUSE Manager Proxy LTS 4.3","product_id":"SUSE Manager Proxy LTS 4.3:spacewalk-base-minimal-4.3.46-150400.3.63.5"},"product_reference":"spacewalk-base-minimal-4.3.46-150400.3.63.5","relates_to_product_reference":"SUSE Manager Proxy LTS 4.3"},{"category":"default_component_of","full_product_name":{"name":"spacewalk-base-minimal-config-4.3.46-150400.3.63.5 as component of SUSE Manager Proxy LTS 4.3","product_id":"SUSE Manager Proxy LTS 4.3:spacewalk-base-minimal-config-4.3.46-150400.3.63.5"},"product_reference":"spacewalk-base-minimal-config-4.3.46-150400.3.63.5","relates_to_product_reference":"SUSE Manager Proxy LTS 4.3"},{"category":"default_component_of","full_product_name":{"name":"susemanager-build-keys-15.4.11-150400.3.38.1 as component of SUSE Manager Proxy LTS 4.3","product_id":"SUSE Manager Proxy LTS 4.3:susemanager-build-keys-15.4.11-150400.3.38.1"},"product_reference":"susemanager-build-keys-15.4.11-150400.3.38.1","relates_to_product_reference":"SUSE Manager Proxy LTS 4.3"},{"category":"default_component_of","full_product_name":{"name":"susemanager-build-keys-web-15.4.11-150400.3.38.1 as component of SUSE Manager Proxy LTS 4.3","product_id":"SUSE Manager Proxy LTS 4.3:susemanager-build-keys-web-15.4.11-150400.3.38.1"},"product_reference":"susemanager-build-keys-web-15.4.11-150400.3.38.1","relates_to_product_reference":"SUSE Manager Proxy LTS 4.3"},{"category":"default_component_of","full_product_name":{"name":"susemanager-tftpsync-recv-4.3.11-150400.3.15.3 as component of SUSE Manager Proxy LTS 4.3","product_id":"SUSE Manager Proxy LTS 4.3:susemanager-tftpsync-recv-4.3.11-150400.3.15.3"},"product_reference":"susemanager-tftpsync-recv-4.3.11-150400.3.15.3","relates_to_product_reference":"SUSE Manager Proxy LTS 4.3"},{"category":"default_component_of","full_product_name":{"name":"release-notes-susemanager-proxy-4.3.16.1-150400.3.101.2 as component of SUSE Manager Retail Branch Server LTS 4.3","product_id":"SUSE Manager Retail Branch Server LTS 4.3:release-notes-susemanager-proxy-4.3.16.1-150400.3.101.2"},"product_reference":"release-notes-susemanager-proxy-4.3.16.1-150400.3.101.2","relates_to_product_reference":"SUSE Manager Retail Branch Server LTS 4.3"},{"category":"default_component_of","full_product_name":{"name":"release-notes-susemanager-4.3.16.1-150400.3.143.2 as component of SUSE Manager Server LTS 4.3","product_id":"SUSE Manager Server LTS 4.3:release-notes-susemanager-4.3.16.1-150400.3.143.2"},"product_reference":"release-notes-susemanager-4.3.16.1-150400.3.143.2","relates_to_product_reference":"SUSE Manager Server LTS 4.3"}]},"vulnerabilities":[{"cve":"CVE-2025-53880","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2025-53880"}],"notes":[{"category":"general","text":"A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list of allowed IP addresses.","title":"CVE description"}],"product_status":{"recommended":["SUSE Manager Proxy LTS 4.3:python3-rhnlib-4.3.7-150400.3.9.4","SUSE Manager Proxy LTS 4.3:release-notes-susemanager-proxy-4.3.16.1-150400.3.101.2","SUSE Manager Proxy LTS 4.3:spacewalk-backend-4.3.34-150400.3.58.6","SUSE Manager Proxy LTS 4.3:spacewalk-base-minimal-4.3.46-150400.3.63.5","SUSE Manager Proxy LTS 4.3:spacewalk-base-minimal-config-4.3.46-150400.3.63.5","SUSE Manager Proxy LTS 4.3:susemanager-build-keys-15.4.11-150400.3.38.1","SUSE Manager Proxy LTS 4.3:susemanager-build-keys-web-15.4.11-150400.3.38.1","SUSE Manager Proxy LTS 4.3:susemanager-tftpsync-recv-4.3.11-150400.3.15.3","SUSE Manager Retail Branch Server LTS 4.3:release-notes-susemanager-proxy-4.3.16.1-150400.3.101.2","SUSE Manager Server LTS 4.3:release-notes-susemanager-4.3.16.1-150400.3.143.2"]},"references":[{"category":"external","summary":"CVE-2025-53880","url":"https://www.suse.com/security/cve/CVE-2025-53880"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1246277 for CVE-2025-53880","url":"https://bugzilla.suse.com/1246277"},{"category":"external","summary":"Advisory link for SUSE-SU-2025:3825-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2025-October/023069.html"},{"category":"external","summary":"Advisory link for SUSE-SU-2025:3826-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2025-October/023068.html"},{"category":"external","summary":"Advisory link for SUSE-SU-2025:3827-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2025-October/023067.html"},{"category":"external","summary":"Advisory link for SUSE-SU-2025:3839-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2025-October/023074.html"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Manager Proxy LTS 4.3:python3-rhnlib-4.3.7-150400.3.9.4","SUSE Manager Proxy LTS 4.3:release-notes-susemanager-proxy-4.3.16.1-150400.3.101.2","SUSE Manager Proxy LTS 4.3:spacewalk-backend-4.3.34-150400.3.58.6","SUSE Manager Proxy LTS 4.3:spacewalk-base-minimal-4.3.46-150400.3.63.5","SUSE Manager Proxy LTS 4.3:spacewalk-base-minimal-config-4.3.46-150400.3.63.5","SUSE Manager Proxy LTS 4.3:susemanager-build-keys-15.4.11-150400.3.38.1","SUSE Manager Proxy LTS 4.3:susemanager-build-keys-web-15.4.11-150400.3.38.1","SUSE Manager Proxy LTS 4.3:susemanager-tftpsync-recv-4.3.11-150400.3.15.3","SUSE Manager Retail Branch Server LTS 4.3:release-notes-susemanager-proxy-4.3.16.1-150400.3.101.2","SUSE Manager Server LTS 4.3:release-notes-susemanager-4.3.16.1-150400.3.143.2"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Manager Proxy LTS 4.3:python3-rhnlib-4.3.7-150400.3.9.4","SUSE Manager Proxy LTS 4.3:release-notes-susemanager-proxy-4.3.16.1-150400.3.101.2","SUSE Manager Proxy LTS 4.3:spacewalk-backend-4.3.34-150400.3.58.6","SUSE Manager Proxy LTS 4.3:spacewalk-base-minimal-4.3.46-150400.3.63.5","SUSE Manager Proxy LTS 4.3:spacewalk-base-minimal-config-4.3.46-150400.3.63.5","SUSE Manager Proxy LTS 4.3:susemanager-build-keys-15.4.11-150400.3.38.1","SUSE Manager Proxy LTS 4.3:susemanager-build-keys-web-15.4.11-150400.3.38.1","SUSE Manager Proxy LTS 4.3:susemanager-tftpsync-recv-4.3.11-150400.3.15.3","SUSE Manager Retail Branch Server LTS 4.3:release-notes-susemanager-proxy-4.3.16.1-150400.3.101.2","SUSE Manager Server LTS 4.3:release-notes-susemanager-4.3.16.1-150400.3.143.2"]}],"threats":[{"category":"impact","date":"2025-07-10T15:30:19Z","details":"important"}],"title":"CVE-2025-53880"}]}