Information Disclosure Vulnerability in Rancher Manager by SUSE
CVE-2025-54468

4.7MEDIUM

Key Information:

Vendor

Suse

Status
Vendor
CVE Published:
2 October 2025

What is CVE-2025-54468?

A vulnerability has been detected in Rancher Manager that allows the revelation of sensitive data through Impersonate-Extra-* headers. These headers can be unintentionally transmitted to external entities, such as amazonaws.com, via the /meta/proxy endpoint. As a result, identifiable information, including email addresses, may become exposed, posing a significant risk to user privacy and data security.

Affected Version(s)

rancher 2.12.0 < 2.12.2

rancher 2.11.0 < 2.11.6

rancher 2.10.0 < 2.10.10

References

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-54468 : Information Disclosure Vulnerability in Rancher Manager by SUSE