CVE-2025-71261

Summary

An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a security control.

Affected Software

VendorProductVersion RangeStatus
SUSEHarvester0 < 1.8affected

Weaknesses

  • CWE-295: CWE-295

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References