cbcvebase.
CVE-2025-23389
published 2025-04-11

CVE-2025-23389: A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This…

PriorityP351high8.4CVSS 3.1
AVNACHPRLUINSCCHIHAL
EPSS
0.42%
33.5th percentile
A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.

Affected

6 ranges
VendorProductVersion rangeFixed in
github.comrancher_rancher>= 2.10.0 < 2.10.32.10.3
github.comrancher_rancher>= 2.8.0 < 2.8.132.8.13
github.comrancher_rancher>= 2.9.0 < 2.9.72.9.7
suserancher>= 2.10.0 < 2.10.32.10.3
suserancher>= 2.8.0 < 2.8.132.8.13
suserancher>= 2.9.0 < 2.9.72.9.7
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.