{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"low"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2025-54781","title":"Title"},{"category":"description","text":"Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debugging is enabled for Himmelblau in version 1.0.0, the himmelblaud_tasks service leaks an Intune service access token to the system journal. This short-lived token can be used to detect the host's Intune compliance status, and may permit additional administrative operations for the Intune host device (though the API for these operations is undocumented). This is fixed in version 1.1.0. To workaround this issue, ensure that Himmelblau debugging is disabled.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2025-54781","url":"https://www.suse.com/security/cve/CVE-2025-54781"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1247526 for CVE-2025-54781","url":"https://bugzilla.suse.com/1247526"}],"title":"SUSE CVE CVE-2025-54781","tracking":{"current_release_date":"2025-08-04T23:22:04Z","generator":{"date":"2025-08-04T23:22:04Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2025-54781","initial_release_date":"2025-08-04T23:22:04Z","revision_history":[{"date":"2025-08-04T23:22:04Z","number":"2","summary":"Current version"}],"status":"interim","version":"2"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Desktop 15 SP7","product":{"name":"SUSE Linux Enterprise Desktop 15 SP7","product_id":"SUSE Linux Enterprise Desktop 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:sled:15:sp7"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP7","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP7","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc:15:sp7"}}},{"category":"product_name","name":"SUSE Linux Enterprise Module for Basesystem 15 SP7","product":{"name":"SUSE Linux Enterprise Module for Basesystem 15 SP7","product_id":"SUSE Linux Enterprise Module for Basesystem 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-basesystem:15:sp7"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP7","product":{"name":"SUSE Linux Enterprise Server 15 SP7","product_id":"SUSE Linux Enterprise Server 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:sles:15:sp7"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP7","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP7","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp7"}}},{"category":"product_version","name":"himmelblau","product":{"name":"himmelblau","product_id":"himmelblau","product_identification_helper":{"purl":"pkg:rpm/suse/himmelblau@?upstream=himmelblau.src.rpm"}}},{"category":"product_version","name":"himmelblau-sshd-config","product":{"name":"himmelblau-sshd-config","product_id":"himmelblau-sshd-config","product_identification_helper":{"purl":"pkg:rpm/suse/himmelblau-sshd-config@?upstream=himmelblau.src.rpm"}}},{"category":"product_version","name":"libnss_himmelblau2","product":{"name":"libnss_himmelblau2","product_id":"libnss_himmelblau2","product_identification_helper":{"purl":"pkg:rpm/suse/libnss_himmelblau2@?upstream=himmelblau.src.rpm"}}},{"category":"product_version","name":"pam-himmelblau","product":{"name":"pam-himmelblau","product_id":"pam-himmelblau","product_identification_helper":{"purl":"pkg:rpm/suse/pam-himmelblau@?upstream=himmelblau.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"himmelblau as component of SUSE Linux Enterprise Server 15 SP7","product_id":"SUSE Linux Enterprise Server 15 SP7:himmelblau"},"product_reference":"himmelblau","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"himmelblau-sshd-config as component of SUSE Linux Enterprise Server 15 SP7","product_id":"SUSE Linux Enterprise Server 15 SP7:himmelblau-sshd-config"},"product_reference":"himmelblau-sshd-config","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"libnss_himmelblau2 as component of SUSE Linux Enterprise Server 15 SP7","product_id":"SUSE Linux Enterprise Server 15 SP7:libnss_himmelblau2"},"product_reference":"libnss_himmelblau2","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"pam-himmelblau as component of SUSE Linux Enterprise Server 15 SP7","product_id":"SUSE Linux Enterprise Server 15 SP7:pam-himmelblau"},"product_reference":"pam-himmelblau","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"himmelblau as component of SUSE Linux Enterprise Desktop 15 SP7","product_id":"SUSE Linux Enterprise Desktop 15 SP7:himmelblau"},"product_reference":"himmelblau","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"himmelblau-sshd-config as component of SUSE Linux Enterprise Desktop 15 SP7","product_id":"SUSE Linux Enterprise Desktop 15 SP7:himmelblau-sshd-config"},"product_reference":"himmelblau-sshd-config","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"libnss_himmelblau2 as component of SUSE Linux Enterprise Desktop 15 SP7","product_id":"SUSE Linux Enterprise Desktop 15 SP7:libnss_himmelblau2"},"product_reference":"libnss_himmelblau2","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"pam-himmelblau as component of SUSE Linux Enterprise Desktop 15 SP7","product_id":"SUSE Linux Enterprise Desktop 15 SP7:pam-himmelblau"},"product_reference":"pam-himmelblau","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"himmelblau as component of SUSE Linux Enterprise Server for SAP Applications 15 SP7","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP7:himmelblau"},"product_reference":"himmelblau","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"himmelblau-sshd-config as component of SUSE Linux Enterprise Server for SAP Applications 15 SP7","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP7:himmelblau-sshd-config"},"product_reference":"himmelblau-sshd-config","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"libnss_himmelblau2 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP7","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP7:libnss_himmelblau2"},"product_reference":"libnss_himmelblau2","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"pam-himmelblau as component of SUSE Linux Enterprise Server for SAP Applications 15 SP7","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP7:pam-himmelblau"},"product_reference":"pam-himmelblau","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"himmelblau as component of SUSE Linux Enterprise High Performance Computing 15 SP7","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP7:himmelblau"},"product_reference":"himmelblau","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"himmelblau-sshd-config as component of SUSE Linux Enterprise High Performance Computing 15 SP7","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP7:himmelblau-sshd-config"},"product_reference":"himmelblau-sshd-config","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"libnss_himmelblau2 as component of SUSE Linux Enterprise High Performance Computing 15 SP7","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP7:libnss_himmelblau2"},"product_reference":"libnss_himmelblau2","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"pam-himmelblau as component of SUSE Linux Enterprise High Performance Computing 15 SP7","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP7:pam-himmelblau"},"product_reference":"pam-himmelblau","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"himmelblau as component of SUSE Linux Enterprise Module for Basesystem 15 SP7","product_id":"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau"},"product_reference":"himmelblau","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"himmelblau-sshd-config as component of SUSE Linux Enterprise Module for Basesystem 15 SP7","product_id":"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-sshd-config"},"product_reference":"himmelblau-sshd-config","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"libnss_himmelblau2 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7","product_id":"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2"},"product_reference":"libnss_himmelblau2","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"pam-himmelblau as component of SUSE Linux Enterprise Module for Basesystem 15 SP7","product_id":"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau"},"product_reference":"pam-himmelblau","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15 SP7"}]},"vulnerabilities":[{"cve":"CVE-2025-54781","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2025-54781"}],"notes":[{"category":"general","text":"Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debugging is enabled for Himmelblau in version 1.0.0, the himmelblaud_tasks service leaks an Intune service access token to the system journal. This short-lived token can be used to detect the host's Intune compliance status, and may permit additional administrative operations for the Intune host device (though the API for these operations is undocumented). This is fixed in version 1.1.0. To workaround this issue, ensure that Himmelblau debugging is disabled.","title":"CVE description"}],"product_status":{"known_not_affected":["SUSE Linux Enterprise Desktop 15 SP7:himmelblau","SUSE Linux Enterprise Desktop 15 SP7:himmelblau-sshd-config","SUSE Linux Enterprise Desktop 15 SP7:libnss_himmelblau2","SUSE Linux Enterprise Desktop 15 SP7:pam-himmelblau","SUSE Linux Enterprise High Performance Computing 15 SP7:himmelblau","SUSE Linux Enterprise High Performance Computing 15 SP7:himmelblau-sshd-config","SUSE Linux Enterprise High Performance Computing 15 SP7:libnss_himmelblau2","SUSE Linux Enterprise High Performance Computing 15 SP7:pam-himmelblau","SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau","SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-sshd-config","SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2","SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau","SUSE Linux Enterprise Server 15 SP7:himmelblau","SUSE Linux Enterprise Server 15 SP7:himmelblau-sshd-config","SUSE Linux Enterprise Server 15 SP7:libnss_himmelblau2","SUSE Linux Enterprise Server 15 SP7:pam-himmelblau","SUSE Linux Enterprise Server for SAP Applications 15 SP7:himmelblau","SUSE Linux Enterprise Server for SAP Applications 15 SP7:himmelblau-sshd-config","SUSE Linux Enterprise Server for SAP Applications 15 SP7:libnss_himmelblau2","SUSE Linux Enterprise Server for SAP Applications 15 SP7:pam-himmelblau"]},"references":[{"category":"external","summary":"CVE-2025-54781","url":"https://www.suse.com/security/cve/CVE-2025-54781"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1247526 for CVE-2025-54781","url":"https://bugzilla.suse.com/1247526"}],"threats":[{"category":"impact","date":"2025-08-02T02:00:11Z","details":"low"}],"title":"CVE-2025-54781"}]}