{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for cockpit","title":"Title of the patch"},{"category":"description","text":"This update for cockpit fixes the following issues:\n\n- CVE-2025-13465: prototype pollution in the _.unset and _.omit functions can lead to deletion of methods from global\n  prototypes (bsc#1257324).\n","title":"Description of the patch"},{"category":"details","text":"SUSE-SLE-Micro-6.0-590","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20454-1.json"},{"category":"self","summary":"URL for SUSE-SU-2026:20454-1","url":"https://www.suse.com/support/update/announcement/2026/suse-su-202620454-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2026:20454-1","url":"https://lists.suse.com/pipermail/sle-updates/2026-February/044345.html"},{"category":"self","summary":"SUSE Bug 1257324","url":"https://bugzilla.suse.com/1257324"},{"category":"self","summary":"SUSE CVE CVE-2025-13465 page","url":"https://www.suse.com/security/cve/CVE-2025-13465/"}],"title":"Security update for cockpit","tracking":{"current_release_date":"2026-02-17T09:00:57Z","generator":{"date":"2026-02-17T09:00:57Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2026:20454-1","initial_release_date":"2026-02-17T09:00:57Z","revision_history":[{"date":"2026-02-17T09:00:57Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"cockpit-309-8.1.aarch64","product":{"name":"cockpit-309-8.1.aarch64","product_id":"cockpit-309-8.1.aarch64"}},{"category":"product_version","name":"cockpit-bridge-309-8.1.aarch64","product":{"name":"cockpit-bridge-309-8.1.aarch64","product_id":"cockpit-bridge-309-8.1.aarch64"}},{"category":"product_version","name":"cockpit-ws-309-8.1.aarch64","product":{"name":"cockpit-ws-309-8.1.aarch64","product_id":"cockpit-ws-309-8.1.aarch64"}}],"category":"architecture","name":"aarch64"},{"branches":[{"category":"product_version","name":"cockpit-networkmanager-309-8.1.noarch","product":{"name":"cockpit-networkmanager-309-8.1.noarch","product_id":"cockpit-networkmanager-309-8.1.noarch"}},{"category":"product_version","name":"cockpit-selinux-309-8.1.noarch","product":{"name":"cockpit-selinux-309-8.1.noarch","product_id":"cockpit-selinux-309-8.1.noarch"}},{"category":"product_version","name":"cockpit-storaged-309-8.1.noarch","product":{"name":"cockpit-storaged-309-8.1.noarch","product_id":"cockpit-storaged-309-8.1.noarch"}},{"category":"product_version","name":"cockpit-system-309-8.1.noarch","product":{"name":"cockpit-system-309-8.1.noarch","product_id":"cockpit-system-309-8.1.noarch"}}],"category":"architecture","name":"noarch"},{"branches":[{"category":"product_version","name":"cockpit-309-8.1.s390x","product":{"name":"cockpit-309-8.1.s390x","product_id":"cockpit-309-8.1.s390x"}},{"category":"product_version","name":"cockpit-bridge-309-8.1.s390x","product":{"name":"cockpit-bridge-309-8.1.s390x","product_id":"cockpit-bridge-309-8.1.s390x"}},{"category":"product_version","name":"cockpit-ws-309-8.1.s390x","product":{"name":"cockpit-ws-309-8.1.s390x","product_id":"cockpit-ws-309-8.1.s390x"}}],"category":"architecture","name":"s390x"},{"branches":[{"category":"product_version","name":"cockpit-309-8.1.x86_64","product":{"name":"cockpit-309-8.1.x86_64","product_id":"cockpit-309-8.1.x86_64"}},{"category":"product_version","name":"cockpit-bridge-309-8.1.x86_64","product":{"name":"cockpit-bridge-309-8.1.x86_64","product_id":"cockpit-bridge-309-8.1.x86_64"}},{"category":"product_version","name":"cockpit-ws-309-8.1.x86_64","product":{"name":"cockpit-ws-309-8.1.x86_64","product_id":"cockpit-ws-309-8.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Micro 6.0","product":{"name":"SUSE Linux Micro 6.0","product_id":"SUSE Linux Micro 6.0","product_identification_helper":{"cpe":"cpe:/o:suse:sl-micro:6.0"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"cockpit-309-8.1.aarch64 as component of SUSE Linux Micro 6.0","product_id":"SUSE Linux Micro 6.0:cockpit-309-8.1.aarch64"},"product_reference":"cockpit-309-8.1.aarch64","relates_to_product_reference":"SUSE Linux Micro 6.0"},{"category":"default_component_of","full_product_name":{"name":"cockpit-309-8.1.s390x as component of SUSE Linux Micro 6.0","product_id":"SUSE Linux Micro 6.0:cockpit-309-8.1.s390x"},"product_reference":"cockpit-309-8.1.s390x","relates_to_product_reference":"SUSE Linux Micro 6.0"},{"category":"default_component_of","full_product_name":{"name":"cockpit-309-8.1.x86_64 as component of SUSE Linux Micro 6.0","product_id":"SUSE Linux Micro 6.0:cockpit-309-8.1.x86_64"},"product_reference":"cockpit-309-8.1.x86_64","relates_to_product_reference":"SUSE Linux Micro 6.0"},{"category":"default_component_of","full_product_name":{"name":"cockpit-bridge-309-8.1.aarch64 as component of SUSE Linux Micro 6.0","product_id":"SUSE Linux Micro 6.0:cockpit-bridge-309-8.1.aarch64"},"product_reference":"cockpit-bridge-309-8.1.aarch64","relates_to_product_reference":"SUSE Linux Micro 6.0"},{"category":"default_component_of","full_product_name":{"name":"cockpit-bridge-309-8.1.s390x as component of SUSE Linux Micro 6.0","product_id":"SUSE Linux Micro 6.0:cockpit-bridge-309-8.1.s390x"},"product_reference":"cockpit-bridge-309-8.1.s390x","relates_to_product_reference":"SUSE Linux Micro 6.0"},{"category":"default_component_of","full_product_name":{"name":"cockpit-bridge-309-8.1.x86_64 as component of SUSE Linux Micro 6.0","product_id":"SUSE Linux Micro 6.0:cockpit-bridge-309-8.1.x86_64"},"product_reference":"cockpit-bridge-309-8.1.x86_64","relates_to_product_reference":"SUSE Linux Micro 6.0"},{"category":"default_component_of","full_product_name":{"name":"cockpit-networkmanager-309-8.1.noarch as component of SUSE Linux Micro 6.0","product_id":"SUSE Linux Micro 6.0:cockpit-networkmanager-309-8.1.noarch"},"product_reference":"cockpit-networkmanager-309-8.1.noarch","relates_to_product_reference":"SUSE Linux Micro 6.0"},{"category":"default_component_of","full_product_name":{"name":"cockpit-selinux-309-8.1.noarch as component of SUSE Linux Micro 6.0","product_id":"SUSE Linux Micro 6.0:cockpit-selinux-309-8.1.noarch"},"product_reference":"cockpit-selinux-309-8.1.noarch","relates_to_product_reference":"SUSE Linux Micro 6.0"},{"category":"default_component_of","full_product_name":{"name":"cockpit-storaged-309-8.1.noarch as component of SUSE Linux Micro 6.0","product_id":"SUSE Linux Micro 6.0:cockpit-storaged-309-8.1.noarch"},"product_reference":"cockpit-storaged-309-8.1.noarch","relates_to_product_reference":"SUSE Linux Micro 6.0"},{"category":"default_component_of","full_product_name":{"name":"cockpit-system-309-8.1.noarch as component of SUSE Linux Micro 6.0","product_id":"SUSE Linux Micro 6.0:cockpit-system-309-8.1.noarch"},"product_reference":"cockpit-system-309-8.1.noarch","relates_to_product_reference":"SUSE Linux Micro 6.0"},{"category":"default_component_of","full_product_name":{"name":"cockpit-ws-309-8.1.aarch64 as component of SUSE Linux Micro 6.0","product_id":"SUSE Linux Micro 6.0:cockpit-ws-309-8.1.aarch64"},"product_reference":"cockpit-ws-309-8.1.aarch64","relates_to_product_reference":"SUSE Linux Micro 6.0"},{"category":"default_component_of","full_product_name":{"name":"cockpit-ws-309-8.1.s390x as component of SUSE Linux Micro 6.0","product_id":"SUSE Linux Micro 6.0:cockpit-ws-309-8.1.s390x"},"product_reference":"cockpit-ws-309-8.1.s390x","relates_to_product_reference":"SUSE Linux Micro 6.0"},{"category":"default_component_of","full_product_name":{"name":"cockpit-ws-309-8.1.x86_64 as component of SUSE Linux Micro 6.0","product_id":"SUSE Linux Micro 6.0:cockpit-ws-309-8.1.x86_64"},"product_reference":"cockpit-ws-309-8.1.x86_64","relates_to_product_reference":"SUSE Linux Micro 6.0"}]},"vulnerabilities":[{"cve":"CVE-2025-13465","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2025-13465"}],"notes":[{"category":"general","text":"Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset  and _.omit  functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.\n\nThe issue permits deletion of properties but does not allow overwriting their original behavior.\n\nThis issue is patched on 4.17.23","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Micro 6.0:cockpit-309-8.1.aarch64","SUSE Linux Micro 6.0:cockpit-309-8.1.s390x","SUSE Linux Micro 6.0:cockpit-309-8.1.x86_64","SUSE Linux Micro 6.0:cockpit-bridge-309-8.1.aarch64","SUSE Linux Micro 6.0:cockpit-bridge-309-8.1.s390x","SUSE Linux Micro 6.0:cockpit-bridge-309-8.1.x86_64","SUSE Linux Micro 6.0:cockpit-networkmanager-309-8.1.noarch","SUSE Linux Micro 6.0:cockpit-selinux-309-8.1.noarch","SUSE Linux Micro 6.0:cockpit-storaged-309-8.1.noarch","SUSE Linux Micro 6.0:cockpit-system-309-8.1.noarch","SUSE Linux Micro 6.0:cockpit-ws-309-8.1.aarch64","SUSE Linux Micro 6.0:cockpit-ws-309-8.1.s390x","SUSE Linux Micro 6.0:cockpit-ws-309-8.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2025-13465","url":"https://www.suse.com/security/cve/CVE-2025-13465"},{"category":"external","summary":"SUSE Bug 1257321 for CVE-2025-13465","url":"https://bugzilla.suse.com/1257321"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Micro 6.0:cockpit-309-8.1.aarch64","SUSE Linux Micro 6.0:cockpit-309-8.1.s390x","SUSE Linux Micro 6.0:cockpit-309-8.1.x86_64","SUSE Linux Micro 6.0:cockpit-bridge-309-8.1.aarch64","SUSE Linux Micro 6.0:cockpit-bridge-309-8.1.s390x","SUSE Linux Micro 6.0:cockpit-bridge-309-8.1.x86_64","SUSE Linux Micro 6.0:cockpit-networkmanager-309-8.1.noarch","SUSE Linux Micro 6.0:cockpit-selinux-309-8.1.noarch","SUSE Linux Micro 6.0:cockpit-storaged-309-8.1.noarch","SUSE Linux Micro 6.0:cockpit-system-309-8.1.noarch","SUSE Linux Micro 6.0:cockpit-ws-309-8.1.aarch64","SUSE Linux Micro 6.0:cockpit-ws-309-8.1.s390x","SUSE Linux Micro 6.0:cockpit-ws-309-8.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.2,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H","version":"3.1"},"products":["SUSE Linux Micro 6.0:cockpit-309-8.1.aarch64","SUSE Linux Micro 6.0:cockpit-309-8.1.s390x","SUSE Linux Micro 6.0:cockpit-309-8.1.x86_64","SUSE Linux Micro 6.0:cockpit-bridge-309-8.1.aarch64","SUSE Linux Micro 6.0:cockpit-bridge-309-8.1.s390x","SUSE Linux Micro 6.0:cockpit-bridge-309-8.1.x86_64","SUSE Linux Micro 6.0:cockpit-networkmanager-309-8.1.noarch","SUSE Linux Micro 6.0:cockpit-selinux-309-8.1.noarch","SUSE Linux Micro 6.0:cockpit-storaged-309-8.1.noarch","SUSE Linux Micro 6.0:cockpit-system-309-8.1.noarch","SUSE Linux Micro 6.0:cockpit-ws-309-8.1.aarch64","SUSE Linux Micro 6.0:cockpit-ws-309-8.1.s390x","SUSE Linux Micro 6.0:cockpit-ws-309-8.1.x86_64"]}],"threats":[{"category":"impact","date":"2026-02-17T09:00:57Z","details":"important"}],"title":"CVE-2025-13465"}]}