Vulnerability-Lookup

CVE-2025-67601 (GCVE-0-2025-67601)

Vulnerability from cvelistv5 – Published: 2026-02-25 10:36 – Updated: 2026-02-26 14:44

Title

Rancher CLI skips TLS verification on Rancher CLI login command

Summary

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts.

Severity ?

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE

CWE-295 - Improper Certificate Validation

Assigner

suse

References

URL

Tags

	https://bugzilla.suse.com/show_bug.cgi?id=CVE-202…
	https://github.com/rancher/rancher/security/advis…

Impacted products

	Vendor	Product	Version
	SUSE	rancher	Affected: 0 , < 0.0.0-20260129092249-bb0625fd1896 (semver) Affected: 2.13.0 , < 2.13.2 (semver) Affected: 2.12.0 , < 2.12.6 (semver) Affected: 2.11.0 , < 2.11.10 (semver) Affected: 2.10.0 , < 2.10.11 (semver)

Date Public ?

2026-02-01 16:58

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-67601",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-26T04:55:52.856025Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T14:44:07.081Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "github.com/rancher/rancher",
          "product": "rancher",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "0.0.0-20260129092249-bb0625fd1896",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.13.2",
              "status": "affected",
              "version": "2.13.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.12.6",
              "status": "affected",
              "version": "2.12.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.11.10",
              "status": "affected",
              "version": "2.11.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.10.11",
              "status": "affected",
              "version": "2.10.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2026-02-01T16:58:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the \u003c/span\u003e\u003ccode\u003e-skip-verify\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;flag to the Rancher CLI login command without also passing the \u003c/span\u003e\u003ccode\u003e\u2013cacert\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;flag results in the CLI attempting to fetch CA certificates stored in Rancher\u2019s setting cacerts. \u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify\u00a0flag to the Rancher CLI login command without also passing the \u2013cacert\u00a0flag results in the CLI attempting to fetch CA certificates stored in Rancher\u2019s setting cacerts."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295: Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-25T10:36:57.771Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-67601"
        },
        {
          "url": "https://github.com/rancher/rancher/security/advisories/GHSA-mc24-7m59-4q5p"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Rancher CLI skips TLS verification on Rancher CLI login command",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2025-67601",
    "datePublished": "2026-02-25T10:36:57.771Z",
    "dateReserved": "2025-12-09T14:05:21.453Z",
    "dateUpdated": "2026-02-26T14:44:07.081Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-67601",
      "date": "2026-04-18",
      "epss": "9e-05",
      "percentile": "0.00903"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-67601\",\"sourceIdentifier\":\"meissner@suse.de\",\"published\":\"2026-02-25T11:16:02.643\",\"lastModified\":\"2026-03-03T16:26:32.240\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify\u00a0flag to the Rancher CLI login command without also passing the \u2013cacert\u00a0flag results in the CLI attempting to fetch CA certificates stored in Rancher\u2019s setting cacerts.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad ha sido identificada dentro de Rancher Manager, donde el uso de certificados CA autofirmados y pasar la bandera -skip-verify al comando de inicio de sesi\u00f3n de Rancher CLI sin pasar tambi\u00e9n la bandera \u2013cacert resulta en que la CLI intenta obtener certificados CA almacenados en la configuraci\u00f3n \u0027cacerts\u0027 de Rancher.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"meissner@suse.de\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":8.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"meissner@suse.de\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.10.0\",\"versionEndExcluding\":\"2.10.11\",\"matchCriteriaId\":\"8434BB27-8099-4685-9FE5-C3E4FF565E79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.11.0\",\"versionEndExcluding\":\"2.11.10\",\"matchCriteriaId\":\"4B7549C0-3315-469C-A43F-E8B7095E570D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.12.0\",\"versionEndExcluding\":\"2.12.6\",\"matchCriteriaId\":\"81C70333-B5C6-4DAB-92B0-0FA49ED9CBE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.13.0\",\"versionEndExcluding\":\"2.13.2\",\"matchCriteriaId\":\"FDEACDC9-6A42-488C-AD8B-46E1B26CA943\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-67601\",\"source\":\"meissner@suse.de\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/rancher/rancher/security/advisories/GHSA-mc24-7m59-4q5p\",\"source\":\"meissner@suse.de\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-67601\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-26T04:55:52.856025Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-25T21:04:30.404Z\"}}], \"cna\": {\"title\": \"Rancher CLI skips TLS verification on Rancher CLI login command\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"SUSE\", \"product\": \"rancher\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"0.0.0-20260129092249-bb0625fd1896\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"2.13.0\", \"lessThan\": \"2.13.2\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"2.12.0\", \"lessThan\": \"2.12.6\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"2.11.0\", \"lessThan\": \"2.11.10\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"2.10.0\", \"lessThan\": \"2.10.11\", \"versionType\": \"semver\"}], \"packageName\": \"github.com/rancher/rancher\", \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-02-01T16:58:00.000Z\", \"references\": [{\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-67601\"}, {\"url\": \"https://github.com/rancher/rancher/security/advisories/GHSA-mc24-7m59-4q5p\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify\\u00a0flag to the Rancher CLI login command without also passing the \\u2013cacert\\u00a0flag results in the CLI attempting to fetch CA certificates stored in Rancher\\u2019s setting cacerts.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eA vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the \u003c/span\u003e\u003ccode\u003e-skip-verify\u003c/code\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;flag to the Rancher CLI login command without also passing the \u003c/span\u003e\u003ccode\u003e\\u2013cacert\u003c/code\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;flag results in the CLI attempting to fetch CA certificates stored in Rancher\\u2019s setting cacerts. \u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-295\", \"description\": \"CWE-295: Improper Certificate Validation\"}]}], \"providerMetadata\": {\"orgId\": \"404e59f5-483d-4b8a-8e7a-e67604dd8afb\", \"shortName\": \"suse\", \"dateUpdated\": \"2026-02-25T10:36:57.771Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-67601\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-26T14:44:07.081Z\", \"dateReserved\": \"2025-12-09T14:05:21.453Z\", \"assignerOrgId\": \"404e59f5-483d-4b8a-8e7a-e67604dd8afb\", \"datePublished\": \"2026-02-25T10:36:57.771Z\", \"assignerShortName\": \"suse\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

WID-SEC-W-2026-0276

Vulnerability from csaf_certbund - Published: 2026-02-01 23:00 - Updated: 2026-03-04 23:00

Summary

Rancher Manager und Backup Operator: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Rancher ist ein Werkzeug für die Verwaltung von Kubernetes-Container basierten Umgebungen.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Rancher Manager und Backup Operator ausnutzen, um Sicherheitsvorkehrungen zu umgehen und vertrauliche Informationen offenzulegen.

Betroffene Betriebssysteme: - Sonstiges - UNIX

CVE-2025-67601

CVE-2025-62879

References

URL

Category

	https://wid.cert-bund.de/.well-known/csaf/white/2…	self
	https://wid.cert-bund.de/portal/wid/securityadvis…	self
	https://github.com/advisories/GHSA-mc24-7m59-4q5p	external
	https://github.com/rancher/backup-restore-operato…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Rancher ist ein Werkzeug f\u00fcr die Verwaltung von Kubernetes-Container basierten Umgebungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Rancher Manager und Backup Operator ausnutzen, um Sicherheitsvorkehrungen zu umgehen und vertrauliche Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0276 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0276.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0276 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0276"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2026-02-01",
        "url": "https://github.com/advisories/GHSA-mc24-7m59-4q5p"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2026-02-01",
        "url": "https://github.com/rancher/backup-restore-operator/security/advisories/GHSA-wj3p-5h3x-c74q"
      }
    ],
    "source_lang": "en-US",
    "title": "Rancher Manager und Backup Operator: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-03-04T23:00:00.000+00:00",
      "generator": {
        "date": "2026-03-05T08:27:21.843+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0276",
      "initial_release_date": "2026-02-01T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-02-01T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-03-04T23:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2025-208270"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.13.2",
                "product": {
                  "name": "Rancher Rancher \u003c2.13.2",
                  "product_id": "T050468"
                }
              },
              {
                "category": "product_version",
                "name": "2.13.2",
                "product": {
                  "name": "Rancher Rancher 2.13.2",
                  "product_id": "T050468-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:rancher:rancher:2.13.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2.12.6",
                "product": {
                  "name": "Rancher Rancher \u003c2.12.6",
                  "product_id": "T050469"
                }
              },
              {
                "category": "product_version",
                "name": "2.12.6",
                "product": {
                  "name": "Rancher Rancher 2.12.6",
                  "product_id": "T050469-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:rancher:rancher:2.12.6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2.11.10",
                "product": {
                  "name": "Rancher Rancher \u003c2.11.10",
                  "product_id": "T050470"
                }
              },
              {
                "category": "product_version",
                "name": "2.11.10",
                "product": {
                  "name": "Rancher Rancher 2.11.10",
                  "product_id": "T050470-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:rancher:rancher:2.11.10"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2.10.11",
                "product": {
                  "name": "Rancher Rancher \u003c2.10.11",
                  "product_id": "T050471"
                }
              },
              {
                "category": "product_version",
                "name": "2.10.11",
                "product": {
                  "name": "Rancher Rancher 2.10.11",
                  "product_id": "T050471-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:rancher:rancher:2.10.11"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Backup Operator \u003c108.0.1+up9.0.1",
                "product": {
                  "name": "Rancher Rancher Backup Operator \u003c108.0.1+up9.0.1",
                  "product_id": "T050472"
                }
              },
              {
                "category": "product_version",
                "name": "Backup Operator 108.0.1+up9.0.1",
                "product": {
                  "name": "Rancher Rancher Backup Operator 108.0.1+up9.0.1",
                  "product_id": "T050472-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:rancher:rancher:backup_operator__108.0.1up9.0.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Backup Operator \u003c107.1.2+up8.1.2",
                "product": {
                  "name": "Rancher Rancher Backup Operator \u003c107.1.2+up8.1.2",
                  "product_id": "T050473"
                }
              },
              {
                "category": "product_version",
                "name": "Backup Operator 107.1.2+up8.1.2",
                "product": {
                  "name": "Rancher Rancher Backup Operator 107.1.2+up8.1.2",
                  "product_id": "T050473-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:rancher:rancher:backup_operator__107.1.2up8.1.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Backup Operator \u003c106.0.6+up7.0.5",
                "product": {
                  "name": "Rancher Rancher Backup Operator \u003c106.0.6+up7.0.5",
                  "product_id": "T050474"
                }
              },
              {
                "category": "product_version",
                "name": "Backup Operator 106.0.6+up7.0.5",
                "product": {
                  "name": "Rancher Rancher Backup Operator 106.0.6+up7.0.5",
                  "product_id": "T050474-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:rancher:rancher:backup_operator__106.0.6up7.0.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Backup Operator \u003c105.0.6+up6.0.3",
                "product": {
                  "name": "Rancher Rancher Backup Operator \u003c105.0.6+up6.0.3",
                  "product_id": "T050475"
                }
              },
              {
                "category": "product_version",
                "name": "Backup Operator 105.0.6+up6.0.3",
                "product": {
                  "name": "Rancher Rancher Backup Operator 105.0.6+up6.0.3",
                  "product_id": "T050475-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:rancher:rancher:backup_operator__105.0.6up6.0.3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Rancher"
          }
        ],
        "category": "vendor",
        "name": "Rancher"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-67601",
      "product_status": {
        "known_affected": [
          "T050471",
          "T050470",
          "T050469",
          "T050468"
        ]
      },
      "release_date": "2026-02-01T23:00:00.000+00:00",
      "title": "CVE-2025-67601"
    },
    {
      "cve": "CVE-2025-62879",
      "product_status": {
        "known_affected": [
          "T050473",
          "T050472",
          "T050475",
          "T050474"
        ]
      },
      "release_date": "2026-02-01T23:00:00.000+00:00",
      "title": "CVE-2025-62879"
    }
  ]
}

GHSA-MC24-7M59-4Q5P

Vulnerability from github – Published: 2026-02-01 17:58 – Updated: 2026-02-27 20:41

Summary

Rancher CLI skips TLS verification on Rancher CLI login command

Details

Impact

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts. This does not apply to any other commands and only applies to the login command if the –cacert flag was not provided.

An attacker with network-level access between the Rancher CLI and Rancher Manager could interfere with the TLS handshake to return a CA they control, despite the use of the --skip-verify flag. This may be abused to bypass TLS as a security control. Attackers can also see basic authentication headers in a Man-in-the-Middle due to the lack of TLS enforcement.

Please consult the associated MITRE ATT&CK - Technique - Man-in-the-Middle for further information about this category of attack.

Patches

This vulnerability is addressed by removing the ability to fetch CA certificates stored in Rancher’s setting cacerts when using the login command. Whenever required, for example when using self-signed certificates, CA certificates have to be explicitly passed with the –cacert flag.

Patched versions of Rancher include releases v2.13.2, v2.12.6, v2.11.10, and v2.10.11.

Workarounds

If a projecct can't upgrade to a fixed version, please make sure whenever required, for example when using self-signed certificates, to always explicitly pass CA certificates with the –cacert flag when using the login command.

References

If there are any questions or comments about this advisory: - Reach out to the SUSE Rancher Security team for security related inquiries. - Open an issue in the Rancher repository. - Verify with the support matrix and product support lifecycle.

Note: Rancher versions beyond 2.3.0-alpha5 are no longer supported at pkg.go.dev, follow Rancher installation instructions for newer versions.

Severity ?

8.3 (High)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/rancher/rancher"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.0-20260129092249-bb0625fd1896"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/rancher/rancher"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.13.0"
            },
            {
              "fixed": "2.13.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/rancher/rancher"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.12.0"
            },
            {
              "fixed": "2.12.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/rancher/rancher"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.11.0"
            },
            {
              "fixed": "2.11.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/rancher/rancher"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.10.0"
            },
            {
              "fixed": "2.10.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-67601"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-01T17:58:57Z",
    "nvd_published_at": "2026-02-25T11:16:02Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nA vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the `-skip-verify` flag to the Rancher CLI login command without also passing the `\u2013cacert` flag results in the CLI attempting to fetch CA certificates stored in Rancher\u2019s setting cacerts. This does not apply to any other commands and only applies to the login command if the `\u2013cacert` flag was not provided.\n\nAn attacker with network-level access between the Rancher CLI and Rancher Manager could interfere with the TLS handshake to return a CA they control, despite the use of the `--skip-verify` flag. This may be abused to bypass TLS as a security control. Attackers can also see basic authentication headers in a Man-in-the-Middle due to the lack of TLS enforcement.\n\nPlease consult the associated [MITRE ATT\u0026CK - Technique - Man-in-the-Middle](https://attack.mitre.org/techniques/T1557/) for further information about this category of attack.\n\n### Patches\nThis vulnerability is addressed by removing the ability to fetch CA certificates stored in Rancher\u2019s setting cacerts when using the login command. Whenever required, for example when using self-signed certificates, CA certificates have to be explicitly passed with the \u2013cacert flag.\n\nPatched versions of Rancher include releases `v2.13.2`, `v2.12.6`, `v2.11.10`, and `v2.10.11`.\n\n### Workarounds\nIf a projecct can\u0027t upgrade to a fixed version, please make sure whenever required, for example when using self-signed certificates, to always explicitly pass CA certificates with the \u2013cacert flag when using the login command.\n\n\n### References\nIf there are any questions or comments about this advisory:\n- Reach out to the [SUSE Rancher Security team](https://github.com/rancher/rancher/security/policy) for security related inquiries.\n- Open an issue in the [Rancher](https://github.com/rancher/rancher/issues/new/choose) repository.\n- Verify with the [support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) and [product support lifecycle](https://www.suse.com/lifecycle/).\n\nNote: Rancher versions beyond 2.3.0-alpha5 are no longer supported at pkg.go.dev, follow [Rancher installation instructions for newer versions](https://ranchermanager.docs.rancher.com/v2.13/getting-started/installation-and-upgrade).",
  "id": "GHSA-mc24-7m59-4q5p",
  "modified": "2026-02-27T20:41:03Z",
  "published": "2026-02-01T17:58:57Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/security/advisories/GHSA-mc24-7m59-4q5p"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67601"
    },
    {
      "type": "WEB",
      "url": "https://attack.mitre.org/techniques/T1557"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-67601"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rancher/rancher"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/releases/tag/v2.13.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Rancher CLI skips TLS verification on Rancher CLI login command"
}

FKIE_CVE-2025-67601

Vulnerability from fkie_nvd - Published: 2026-02-25 11:16 - Updated: 2026-03-03 16:26

Severity ?

8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

References

	URL	Tags
	meissner@suse.de	https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-67601	Issue Tracking
	meissner@suse.de	https://github.com/rancher/rancher/security/advisories/GHSA-mc24-7m59-4q5p	Vendor Advisory

Impacted products

Vendor	Product	Version
suse	rancher	*
suse	rancher	*
suse	rancher	*
suse	rancher	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8434BB27-8099-4685-9FE5-C3E4FF565E79",
              "versionEndExcluding": "2.10.11",
              "versionStartIncluding": "2.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7549C0-3315-469C-A43F-E8B7095E570D",
              "versionEndExcluding": "2.11.10",
              "versionStartIncluding": "2.11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "81C70333-B5C6-4DAB-92B0-0FA49ED9CBE7",
              "versionEndExcluding": "2.12.6",
              "versionStartIncluding": "2.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDEACDC9-6A42-488C-AD8B-46E1B26CA943",
              "versionEndExcluding": "2.13.2",
              "versionStartIncluding": "2.13.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify\u00a0flag to the Rancher CLI login command without also passing the \u2013cacert\u00a0flag results in the CLI attempting to fetch CA certificates stored in Rancher\u2019s setting cacerts."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad ha sido identificada dentro de Rancher Manager, donde el uso de certificados CA autofirmados y pasar la bandera -skip-verify al comando de inicio de sesi\u00f3n de Rancher CLI sin pasar tambi\u00e9n la bandera \u2013cacert resulta en que la CLI intenta obtener certificados CA almacenados en la configuraci\u00f3n \u0027cacerts\u0027 de Rancher."
    }
  ],
  "id": "CVE-2025-67601",
  "lastModified": "2026-03-03T16:26:32.240",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 6.0,
        "source": "meissner@suse.de",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-02-25T11:16:02.643",
  "references": [
    {
      "source": "meissner@suse.de",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-67601"
    },
    {
      "source": "meissner@suse.de",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/rancher/rancher/security/advisories/GHSA-mc24-7m59-4q5p"
    }
  ],
  "sourceIdentifier": "meissner@suse.de",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-295"
        }
      ],
      "source": "meissner@suse.de",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-67601 (GCVE-0-2025-67601)

WID-SEC-W-2026-0276

GHSA-MC24-7M59-4Q5P

Impact

Patches

Workarounds

References

FKIE_CVE-2025-67601

Tags

Sightings

Nomenclature