CVE-2026-25702 - Vulnerability Details

- nftables disabled due to incorrect kernel backport

Description

A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective.This issue affects SUSE Linux Enterprise Server: from 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before 9c294edb7085fb91650bc12233495a8974c5ff2d.

Published: 2026-03-05

Score: 7.3 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

An improper access control flaw in the Linux kernel of SUSE Linux Enterprise Server 12 SP5 disables the nftables subsystem, rendering firewall rules ineffective. The vulnerability allows an attacker to bypass the intended network filtering protections, potentially leading to unauthorized network access, data leakage, or disruption of services. The weakness is a classic example of a misconfigured privilege boundary within the kernel, classified under CWE-284.

Affected Systems

Affected products are SUSE Linux Enterprise Server 12 SP5. The flaw exists in all releases before the kernel commit 9c294edb7085fb91650bc12233495a8974c5ff2d, which introduced the fix. Any installation of the 12 SP5 kernel before that point remains vulnerable.

Risk and Exploitability

The CVSS score of 7.3 indicates high severity. However, the EPSS score is below 1%, showing a low current exploitation probability. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires compromising the kernel or gaining privileged access, after which the attacker can effectively disable nftables. While the risk to the confidentiality, integrity, or availability of the network is significant, the low exploitability reduces the urgency compared to high EPSS threats.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

SUSE

SUSE Linux Enterprise Server

unaffected

Version	Status	Constraints
`9e6d9d4601768c75fdb0bad3fbbe636e748939c2`	affected	< 9c294edb7085fb91650bc12233495a8974c5ff2d

Configuration 1 [-]

cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Suse

Suse Linux Enterprise Server

100%

Version	Status	Scheme	Platform
`[9e6d9d4601768c75fdb0bad3fbbe636e748939c2,9c294edb7085fb91650bc12233495a8974c5ff2d)`	affected	code_commit	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest SUSE security update that includes the kernel commit after 9c294edb7085fb91650bc12233495a8974c5ff2d to restore nftables functionality.
Restart the system to load the updated kernel, ensuring nftables services are enabled upon boot.
Recreate or reload firewall rules using the nft command to confirm that filtering is active and rules are enforced.

Generated by OpenCVE AI on April 16, 2026 at 12:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00057.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-25702

History

Mon, 09 Mar 2026 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Suse linux Enterprise Server
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:suse:linux_enterprise_server:12:sp5::::::
Vendors & Products		Suse linux Enterprise Server

Fri, 06 Mar 2026 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Suse Suse suse Linux Enterprise Server
Vendors & Products		Suse Suse suse Linux Enterprise Server

Thu, 05 Mar 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 05 Mar 2026 07:15:00 +0000

Type	Values Removed	Values Added
Description		A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective.This issue affects SUSE Linux Enterprise Server: from 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before 9c294edb7085fb91650bc12233495a8974c5ff2d.
Title		nftables disabled due to incorrect kernel backport
Weaknesses		CWE-284
References		https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-25702
Metrics		cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}`

Subscriptions

Suse Linux Enterprise Server Suse Linux Enterprise Server

MITRE

Status: PUBLISHED

Assigner: suse

Published: 2026-03-05T07:00:18.627Z

Updated: 2026-03-05T15:17:39.310Z

Reserved: 2026-02-05T15:37:24.183Z

Link: CVE-2026-25702

Vulnrichment

Updated: 2026-03-05T15:17:35.669Z

NVD

Status : Analyzed

Published: 2026-03-05T07:16:13.153

Modified: 2026-03-09T18:31:36.993

Link: CVE-2026-25702

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T12:45:35Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object