CVE-2025-23391

Summary

A Incorrect Privilege Assignment vulnerability in SUSE rancher allows a Restricted Administrator to change the password of Administrators and take over their accounts. This issue affects rancher: from 2.8.0 before 2.8.14, from 2.9.0 before 2.9.8, from 2.10.0 before 2.10.4.

Affected Software

VendorProductVersion RangeStatus
SUSErancher2.8.0 < 2.8.14affected
SUSErancher2.9.0 < 2.9.8affected
SUSErancher2.10.0 < 2.10.4affected

Weaknesses

  • CWE-266: CWE-266: Incorrect Privilege Assignment

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References