CVE-2025-23389

Summary

A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.

Affected Software

VendorProductVersion RangeStatus
SUSErancher2.8.0 < 2.8.13affected
SUSErancher2.9.0 < 2.9.7affected
SUSErancher2.10.0 < 2.10.3affected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References