Information Disclosure Vulnerability in Rancher Manager by SUSE
CVE-2025-54468

4.7MEDIUM

Key Information:

Vendor: Suse
Status: Rancher
Vendor: CVE Published:; 2 October 2025

What is CVE-2025-54468?

A vulnerability has been detected in Rancher Manager that allows the revelation of sensitive data through Impersonate-Extra-* headers. These headers can be unintentionally transmitted to external entities, such as amazonaws.com, via the /meta/proxy endpoint. As a result, identifiable information, including email addresses, may become exposed, posing a significant risk to user privacy and data security.

Affected Version(s)

rancher 2.12.0 < 2.12.2

rancher 2.11.0 < 2.11.6

rancher 2.10.0 < 2.10.10

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-54468

https://github.com/rancher/rancher/security/advisories/GH...

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 2, 2025
Vulnerability Reserved
Jul 23, 2025

JSON

Suse

What is CVE-2025-54468?

Affected Version(s)

References

CVSS V3.1

Timeline