CVE-2025-23391
published 2025-04-11CVE-2025-23391: A Incorrect Privilege Assignment vulnerability in SUSE rancher allows a Restricted Administrator to change the password of Administrators and take over their…
PriorityP353critical9.1CVSS 3.1
AVNACLPRHUINSCCHIHAH
EPSS
0.41%
32.6th percentile
A Incorrect Privilege Assignment vulnerability in SUSE rancher allows a Restricted Administrator to change the password of Administrators and take over their accounts.
This issue affects rancher: from 2.8.0 before 2.8.14, from 2.9.0 before 2.9.8, from 2.10.0 before 2.10.4.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | rancher_rancher | >= 2.10.0 < 2.10.4 | 2.10.4 |
| github.com | rancher_rancher | >= 2.8.0 < 2.8.14 | 2.8.14 |
| github.com | rancher_rancher | >= 2.9.0 < 2.9.8 | 2.9.8 |
| suse | rancher | >= 2.10.0 < 2.10.4 | 2.10.4 |
| suse | rancher | >= 2.8.0 < 2.8.14 | 2.8.14 |
| suse | rancher | >= 2.9.0 < 2.9.8 | 2.9.8 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Rancher: Restricted Administrator can change Administrator's passwords in github.com/rancher/rancher
osv·2025-04-02
CVE-2025-23391 Rancher: Restricted Administrator can change Administrator's passwords in github.com/rancher/rancher
Rancher: Restricted Administrator can change Administrator's passwords in github.com/rancher/rancher
Rancher: Restricted Administrator can change Administrator's passwords in github.com/rancher/rancher.
NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.
(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)
The additional affected modules and versions are: github.com/rancher/rancher from v2.8.0 before v2.8.14, from v2.9.0 before v2.9.8, from v2.10.0 before v2.10.4.
OSV
Rancher: Restricted Administrator can change Administrator's passwords
osv·2025-04-01
CVE-2025-23391 [CRITICAL] Rancher: Restricted Administrator can change Administrator's passwords
Rancher: Restricted Administrator can change Administrator's passwords
### Impact
A vulnerability has been identified within Rancher where a Restricted Administrator can change the password of Administrators and take over their accounts.
A Restricted Administrator should be not allowed to change the password of more privileged users unless it contains the Manage Users permissions.
Rancher deployments where the Restricted Administrator role is not being used are not affected by this CVE.
Please consult the associated [MITRE ATT&CK - Technique - Abuse Elevation Control Mechanism](https://attack.mitre.org/techniques/T1548/) for further information about this category of attack.
### Patches
The fix introduces a few changes:
1. If the user has a manage-users verb, the user is allowed to edi
GHSA
Rancher: Restricted Administrator can change Administrator's passwords
ghsa·2025-04-01
CVE-2025-23391 [CRITICAL] CWE-266 Rancher: Restricted Administrator can change Administrator's passwords
Rancher: Restricted Administrator can change Administrator's passwords
### Impact
A vulnerability has been identified within Rancher where a Restricted Administrator can change the password of Administrators and take over their accounts.
A Restricted Administrator should be not allowed to change the password of more privileged users unless it contains the Manage Users permissions.
Rancher deployments where the Restricted Administrator role is not being used are not affected by this CVE.
Please consult the associated [MITRE ATT&CK - Technique - Abuse Elevation Control Mechanism](https://attack.mitre.org/techniques/T1548/) for further information about this category of attack.
### Patches
The fix introduces a few changes:
1. If the user has a manage-users verb, the user is allowed to edi
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-04-11
Published