Exposure of Sensitive Information in SUSE Rancher
CVE-2025-23387

5.3MEDIUM

Key Information:

Vendor: Suse
Status: Rancher
Vendor: CVE Published:; 11 April 2025

What is CVE-2025-23387?

A vulnerability in SUSE Rancher allows unauthenticated users to exploit weaknesses in the system by listing all CLI authentication tokens. This flaw enables attackers to delete tokens before they can be accessed securely, creating a risk of unauthorized actions without proper authentication. The vulnerability affects multiple versions of Rancher, necessitating prompt action for users relying on this platform.

Affected Version(s)

rancher 2.8.0 < 2.8.13

rancher 2.9.0 < 2.9.7

rancher 2.10.0 < 2.10.3

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23387

https://github.com/rancher/rancher/security/advisories/GH...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2025
Vulnerability Reserved
Jan 15, 2025

Suse

What is CVE-2025-23387?

Affected Version(s)

References

CVSS V3.1

Timeline