CVE-2025-67601

HIGH

8.3

Descricao

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts.

Detalhes CVE

Pontuacao CVSS v3.18.3

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeHIGH

Privilegios necessariosNONE

Interacao do usuarioREQUIRED

Publicado2/25/2026

Ultima modificacao3/3/2026

Fontenvd

Avistamentos honeypot0

Produtos afetados

suse:rancher

Fraquezas (CWE)

CWE-295

Referencias

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-67601(meissner@suse.de)

https://github.com/rancher/rancher/security/advisories/GHSA-mc24-7m59-4q5p(meissner@suse.de)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.