CVE-2025-53880

Published: Oct 30, 2025

Modified: Feb 26, 2026

PUBLISHED

Description

A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list of allowed IP addresses.

Vendor	Product	Versions
SUSE	Container suse/manager/4.3/proxy-httpd:latest	affected `? - < 4.3.11-150400.3.15.3`
SUSE	Container suse/manager/5.0/x86_64/proxy-httpd:latest	affected `? - < 5.0.3-150600.3.6.4`
SUSE	Container suse/multi-linux-manager/5.1/x86_64/proxy-httpd:latest	affected `? - < 5.1.3-150700.3.3.3`
SUSE	SUSE Manager Proxy LTS 4.3	affected `? - < 4.3.11-150400.3.15.3`

Weaknesses (CWE)

CWE-35

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-53880

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-53880

Description

Affected Products

Weaknesses (CWE)

References