CVE-2025-23389

Description

A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

Low

Affected products

SUSE / Rancher2.8.0 – 2.8.13
SUSE / Rancher2.9.0 – 2.9.7
SUSE / Rancher2.10.0 – 2.10.3

References

MISChttps://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23389
VENDOR_ADVISORYhttps://github.com/rancher/rancher/security/advisories/GHSA-mq23-vvg7-xfm4