CVE-2025-67601

HIGH

8.3

Beschreibung

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts.

CVE Details

CVSS v3.1 Bewertung8.3

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatHIGH

Erforderliche PrivilegienNONE

BenutzerinteraktionREQUIRED

Veroffentlicht2/25/2026

Zuletzt geandert3/3/2026

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

suse:rancher

Schwachen (CWE)

CWE-295

Referenzen

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-67601(meissner@suse.de)

https://github.com/rancher/rancher/security/advisories/GHSA-mc24-7m59-4q5p(meissner@suse.de)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.