Improper Access Control in SUSE Rancher Affects User Identity Impersonation
CVE-2025-23389

8.4HIGH

Key Information:

Vendor: Suse
Status: Rancher
Vendor: CVE Published:; 11 April 2025

Summary

An improper access control vulnerability has been identified in SUSE Rancher that allows a local user to impersonate other identities through SAML authentication during the first login process. This flaw could lead to unauthorized access and potential exploitation by leveraging the impersonation capability. It affects specific versions of Rancher, making it crucial for administrators to upgrade to the latest versions to safeguard against possible threats.

Affected Version(s)

rancher 2.8.0 < 2.8.13

rancher 2.9.0 < 2.9.7

rancher 2.10.0 < 2.10.3

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23389

https://github.com/rancher/rancher/security/advisories/GH...

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 11, 2025
Vulnerability Reserved
Jan 15, 2025