CVE-2025-67601

High CVSS: 8.3

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts.

Vendor

Suse

Product

Rancher

CWE

CWE-295

Yayın Tarihi

2026-02-25 11:16:02

Güncelleme

2026-03-03 16:26:32

Source Identifier

meissner@suse.de

KEV Date Added

Kategoriler

CWE-295 Rancher HIGH Suse 2026

Referanslar

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-67601 https://github.com/rancher/rancher/security/advisories/GHSA-mc24-7m59-4q5p

Benzer Kayıtlar

High

CVE-2026-25702

A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causi…

Medium

CVE-2025-62879

A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both acce…

High

CVE-2025-6018

A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication…