SUSE releases urgent security patch for rmt-server addressing critical CVE-2025-46727 (CVSS 8.7) DoS vulnerability and CVE-2025-32441 session restoration flaw. Learn how to protect your Linux systems with this essential update for openSUSE Leap 15.3, SLES 15 SP3, and enterprise environments.
Urgent Security Advisory: What You Need to Know
SUSE has released a high-priority security update (SUSE-SU-2025:02429-1) addressing two critical vulnerabilities in rmt-server, the repository management tool for SUSE Linux distributions. This patch impacts all enterprise users running:
openSUSE Leap 15.3
SUSE Linux Enterprise Server 15 SP3
SAP Applications environments
Cloud and storage deployments
Why should you care? Unpatched systems are vulnerable to denial-of-service attacks and session hijacking - risks no enterprise can afford in 2025's threat landscape.
Vulnerability Breakdown: Severity and Impact
1. CVE-2025-46727: Critical DoS Vulnerability (CVSS 8.7)
Threat: Unbounded-parameter attack in Rack::QueryParser
Impact: Remote attackers can crash services (NVD Score: 7.5)
Affected: All network-exposed rmt-server instances
Reference: bsc#1242893
2. CVE-2025-32441: Session Restoration Flaw (CVSS 4.2)
Threat: Deleted rack sessions can be restored during concurrent requests
Impact: Potential authentication bypass (SUSE Score: 2.3)
Affected: Multi-user environments
Reference: bsc#1242898
Patch Instructions: Step-by-Step Guide
For System Administrators:
```shell
# openSUSE Leap 15.3:
zypper in -t patch SUSE-2025-2429=1

# SLES 15 SP3 LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2429=1

# SAP Environments:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2429=1
```
Pro Tip: Always test patches in staging environments before production deployment.
Affected Packages List
| Product | Architecture | Updated Packages |
|---|---|---|
| openSUSE Leap 15.3 | x86_64, ARM | rmt-server-2.23, config, debuginfo |
| SUSE Manager 4.2 | All | rmt-server-pubcloud-2.23 |
| Enterprise Storage 7.1 | x86_64 | Full server stack updates |
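After running the patch commands above, the question an administrator actually has to answer is whether every host ended up on the updated package. The following Ruby is an added example, not part of the SUSE advisory or of rmt-server, that parses `rpm -q` style package strings and compares them against the patched upstream version 2.23 listed in the package table. The build release numbers in the sample data are constructed, not taken from the advisory, so the release comparison is optional and only used when the caller supplies the release from the advisory itself.

```ruby
# Added example (not SUSE or rmt-server code): verify that an installed
# rmt-server package is at or above the patched version from the advisory.
# The fixed upstream version (2.23) comes from the package table; the exact
# build release is not given here, so it is an optional argument.

require "rubygems" # Gem::Version is part of the standard library

# Matches "name-version-release.arch" as printed by `rpm -q`; the name may
# carry a suffix such as -pubcloud, the version must start with a digit.
RPM_NVRA = /\A(?<name>rmt-server(?:-[a-z]+)*)-(?<ver>[0-9][^-]*)-(?<rel>[^-]+)\z/

# Returns {name:, version:, release:} or nil when the string is not an
# rmt-server package. The architecture suffix is stripped from the release.
def parse_rpm(nvra)
  m = RPM_NVRA.match(nvra)
  return nil unless m
  release = m[:rel].sub(/\.(x86_64|aarch64|ppc64le|s390x|noarch)\z/, "")
  { name: m[:name], version: m[:ver], release: release }
end

# True when the installed package is at or above the patched version.
# min_release is a placeholder: pass the release from the advisory when you
# have it; otherwise only the upstream version is compared, which is a
# weaker check if the fix shipped as a release bump of the same version.
def patched?(nvra, min_version: "2.23", min_release: nil)
  pkg = parse_rpm(nvra)
  return false unless pkg
  cmp = Gem::Version.new(pkg[:version]) <=> Gem::Version.new(min_version)
  return cmp > 0 if cmp != 0
  return true if min_release.nil?
  Gem::Version.new(pkg[:release]) >= Gem::Version.new(min_release)
end

# Constructed sample output of `rpm -q rmt-server rmt-server-pubcloud` on two
# hosts; neither string is taken from a real system or from the advisory.
SAMPLE_HOSTS = {
  "host-a" => ["rmt-server-2.22-150300.3.14.1.x86_64",
               "rmt-server-pubcloud-2.22-150300.3.14.1.x86_64"],
  "host-b" => ["rmt-server-2.23-150300.3.17.1.x86_64",
               "rmt-server-pubcloud-2.23-150300.3.17.1.x86_64"],
}.freeze

# Returns the names of hosts on which at least one package is still unpatched.
def unpatched_hosts(hosts = SAMPLE_HOSTS, **opts)
  hosts.select { |_, pkgs| pkgs.any? { |p| !patched?(p, **opts) } }.keys
end

if __FILE__ == $PROGRAM_NAME
  puts "still unpatched: #{unpatched_hosts.join(', ')}"
end
```

In practice the package strings would be collected from each host (for example via your configuration management tool) and fed to `unpatched_hosts` in place of the constructed `SAMPLE_HOSTS`.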
Security Best Practices
Immediate Action: Patch within 24 hours for internet-facing systems
Defense in Depth: Combine with WAF rules for QueryParser attacks
Monitoring: Watch for unusual rack session activity
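The unbounded-parameter DoS described under CVE-2025-46727 and the monitoring advice above both reduce to one number: how many parameters a single request carries. The following Ruby is an added example, not rmt-server's or Rack's own code, that applies a defensive bound in two places: a pre-filter that rejects over-limit query strings before any parser runs (defense in depth, independent of whatever bound the patched Rack gem applies internally), and the same bound run over access-log lines to surface abnormal requests. `MAX_PARAMS`, the `guard_query` entry point and the sample log lines are assumptions made for this illustration; the limit should be set from observed legitimate traffic.

```ruby
# Added example (not rmt-server or Rack code): bound the number of
# query-string parameters before any parser sees them, and flag access-log
# entries that exceed the same bound. MAX_PARAMS is an assumed limit chosen
# for this example; tune it to what real clients actually send.

require "uri"

MAX_PARAMS = 100 # assumed limit; legitimate rmt-server traffic uses far fewer

# Count parameters without materialising a hash for each one: split on '&'
# and ignore empty segments such as the one left by a trailing '&'.
def param_count(query)
  return 0 if query.nil? || query.empty?
  query.split("&", -1).count { |pair| !pair.empty? }
end

# True when the query string exceeds the bound and should be rejected
# before the application's query parser runs.
def oversized_query?(query, limit = MAX_PARAMS)
  param_count(query) > limit
end

# Rack-style entry point: takes an env-like hash and a callable `app`,
# returns a 400 response triple for over-limit requests, else app's result.
def guard_query(env, app, limit = MAX_PARAMS)
  if oversized_query?(env["QUERY_STRING"], limit)
    return [400, { "content-type" => "text/plain" }, ["too many query parameters\n"]]
  end
  app.call(env)
end

# Monitoring side: pull the request target out of a common-log-format line
# and keep the entries whose query string is over the bound.
LOG_REQUEST = /"(?:GET|POST|PUT|DELETE|HEAD) (?<target>\S+) HTTP\/[0-9.]+"/

def flag_oversized_requests(log_lines, limit = MAX_PARAMS)
  log_lines.select do |line|
    m = LOG_REQUEST.match(line)
    next false unless m
    uri = URI.parse(m[:target]) rescue nil
    uri && oversized_query?(uri.query, limit)
  end
end

# Constructed sample log lines (not real rmt-server output); the third one
# carries 150 parameters and is the one that should be flagged.
SAMPLE_LOG = [
  '10.0.0.5 - - [01/Jul/2025:10:00:01 +0000] "GET /api/v1/repos?page=1 HTTP/1.1" 200 512',
  '10.0.0.6 - - [01/Jul/2025:10:00:02 +0000] "POST /connect/systems HTTP/1.1" 201 88',
  "10.0.0.7 - - [01/Jul/2025:10:00:03 +0000] \"GET /api/v1/repos?#{(1..150).map { |i| "p#{i}=x" }.join("&")} HTTP/1.1\" 200 12",
].freeze

if __FILE__ == $PROGRAM_NAME
  flag_oversized_requests(SAMPLE_LOG).each { |l| puts "FLAGGED: #{l[0, 80]}..." }
end
```

The pre-filter is cheap because it never builds the parameter hash, which is exactly the work an unbounded parser would do; the log scan is the retrospective version of the same check and is a reasonable seed for the WAF rule or alert mentioned above.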
FAQ Section
Q: Is this update backwards compatible?
A: Yes, all configuration formats remain unchanged from v2.22+.
Q: What's the performance impact?
A: Under 2% overhead for most workloads based on SUSE benchmarks.
Q: Are cloud instances automatically patched?
A: Only if using SUSE's managed update services - check your CSP portal.