Rancher
CVE-2025-67601
HIGH
Severity by source
AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the -cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts.
AnalysisAI
A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the -cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts. [CVSS 8.3 HIGH]
Technical ContextAI
Classified as CWE-295 (Improper Certificate Validation). Affects Rancher. A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
{token}_{clusterId}.yaml. CVSS 4.0 rates this 9.4 (Critical) with a scope-changing impact on subsequent systems, but no
SAML assertion replay in Rancher's Assertion Consumer Service (ACS) handler lets a person-in-the-middle who captures a v
Privilege escalation in SUSE Rancher (Kubernetes management platform) allows a user holding the Project Owner role to im
Privilege escalation in Rancher 2.13 (before 2.13.6) and 2.14 (before 2.14.2) lets any authenticated user gain principal
Authentication bypass in SUSE Rancher's in-cluster admission webhook (rancher-webhook) lets a network-adjacent, unauthen
Privilege persistence in SUSE Rancher allows project users to retain Pod Security Admission (PSA) permissions even after
Path traversal in Rancher Fleet's ImageScan subsystem (CWE-23) allows authenticated remote attackers to escape intended
Same weakness CWE-295 – Improper Certificate Validation
View allSame technique Authentication Bypass
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| openSUSE Leap 15.6 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Fixed |
| openSUSE Leap 15.5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
GHSA-mc24-7m59-4q5p