CVE-2025-62879

Summary

A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs.

Affected Software

VendorProductVersion RangeStatus
SUSERancher9.0.0 < 9.0.1affected
SUSERancher8.0.0 < 8.1.2affected
SUSERancher7.0.0 < 7.0.5affected
SUSERancher6.0.0 < 6.0.3affected

Weaknesses

  • CWE-532: CWE-532: Insertion of Sensitive Information into Log File

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References