Critical Security Update: golang-github-prometheus-node_exporter Patches CVE-2025-22870 & CVE-2023-45288

 

SUSE has released a moderate-risk security update for golang-github-prometheus-node_exporter (v1.9.1), fixing CVE-2025-22870 (CVSS 4.8) and CVE-2023-45288 (CVSS 6.9). Affected systems include SUSE Linux Enterprise 15 SP3-SP7, openSUSE Leap 15.6, and SUSE Manager. Learn patch instructions, CVSS scores, and impacted products.

 

SUSE Linux Systems at Risk – Immediate Action Required

1. Key Security Vulnerabilities Patched

This update addresses two critical flaws in the Prometheus Node Exporter, a widely used tool for system monitoring in enterprise environments:

A. CVE-2025-22870

• CVSS 4.0 Score: 4.8 (SUSE)

• Impact: Local privilege escalation via golang.org/x/net (updated to v0.37.0).

• Affected Systems:

  • SUSE Linux Enterprise Server 15 SP3-SP7

  • SUSE Manager Proxy 4.3

  • SUSE Enterprise Storage 7.1

B. CVE-2023-45288

• CVSS 4.0 Score: 6.9 (SUSE)

• Impact: Network-based denial-of-service (DoS) vulnerability.

• Affected Systems:

  • openSUSE Leap 15.6

  • SUSE Linux Enterprise High Performance Computing (HPC)

🔴 Why This Matters: Unpatched systems risk unauthorized access and service disruption, critical for DevOps and IT security teams.

2. Patch Instructions for Affected Systems

Quick Fix via Zypper (SUSE Recommended)

bash

Copy

Download

# For openSUSE Leap 15.6:  
zypper in -t patch openSUSE-SLE-15.6-2025-1988=1  

# For SUSE Linux Enterprise Server 15 SP6:  
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1988=1  

Alternative Methods:

• Use YaST Online Update for GUI-based patching.

• Enterprise users should deploy via SUSE Manager for centralized control.

3. Full List of Impacted Products

Product	Patch Available?
SUSE Linux Enterprise Desktop 15 SP6/SP7	✅
SUSE Linux Enterprise Micro 5.0-5.5	✅
SUSE Manager Server 4.3	✅
SUSE Linux Enterprise Real Time 15 SP6/SP7	✅

(See original advisory for complete list.)

4. Additional Fixes & Improvements

• 🛠️ Bug Fixes:

  • Resolved Darwin memory leak (macOS monitoring).

  • Fixed missing IRQ metrics on older kernels.

5. Frequently Asked Questions (FAQ)

Q: Is this update mandatory?

A: Yes, if you use Prometheus Node Exporter in a production environment. CVSS 6.9 indicates moderate-high risk.

Q: How do I verify the patch?

A: Run:

bash

Copy

Download

rpm -q golang-github-prometheus-node_exporter  

Expected version: 1.9.1-150100.3.35.2.

6. References & Further Reading

• SUSE CVE-2023-45288 Advisory

• NVD CVE-2025-22870 Details

• Enterprise Support: Contact SUSE Security Team.