CVE-2025-23389
Published: 2025-04-11
Priority: P3 (51) | Severity: high | CVSS 3.1 base score: 8.4
CVSS 3.1 vector: AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
EPSS: 0.42% (33.5th percentile)
An Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login.
This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | rancher_rancher | >= 2.10.0 < 2.10.3 | 2.10.3 |
| github.com | rancher_rancher | >= 2.8.0 < 2.8.13 | 2.8.13 |
| github.com | rancher_rancher | >= 2.9.0 < 2.9.7 | 2.9.7 |
| suse | rancher | >= 2.10.0 < 2.10.3 | 2.10.3 |
| suse | rancher | >= 2.8.0 < 2.8.13 | 2.8.13 |
| suse | rancher | >= 2.9.0 < 2.9.7 | 2.9.7 |
OSV
Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login in github.com/rancher/rancher
osv·2025-03-03
NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.
(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)
The additional affected modules and versions are: github.com/rancher/rancher from v2.8.0 before v2.8.13, from v2.9.0 before v2.9.7, from v2.10.0 before v2.10.3.
OSV
Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login
osv·2025-02-27
CVE-2025-23389 [HIGH] Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login
### Impact
A vulnerability in Rancher has been discovered, leading to local user impersonation through SAML Authentication on first login.
The issue occurs when a SAML authentication provider (AP) is configured (e.g. Keycloak). A newly created AP user can impersonate any user on Rancher by manipulating cookie values during their initial login to Rancher. This vulnerability could also be exploited if a Rancher user (present on the AP) is removed, either manually or automatically via the [User Retention feature](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-user-retention) with `delete-inactive-user-after`.
More precisely, Rancher validat
GHSA
Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login
ghsa·2025-02-27
CVE-2025-23389 [HIGH] CWE-284 Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.