CVE-2025-54468
published 2025-10-02

Priority: P4, 24
Severity: medium, 4.7 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
EPSS: 0.33% (25.1th percentile)

A vulnerability has been identified within Rancher Manager whereby `Impersonate-Extra-*` headers are being sent to an external entity, for example `amazonaws.com`, via the `/meta/proxy` Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses.

Affected

8 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | rancher_rancher | >= 2.10.0 < 2.10.10 | 2.10.10 |
| github.com | rancher_rancher | >= 2.11.0 < 2.11.6 | 2.11.6 |
| github.com | rancher_rancher | >= 2.12.0 < 2.12.2 | 2.12.2 |
| github.com | rancher_rancher | >= 2.9.0 < 2.9.12 | 2.9.12 |
| suse | rancher | >= 2.10.0 < 2.10.10 | 2.10.10 |
| suse | rancher | >= 2.11.0 < 2.11.6 | 2.11.6 |
| suse | rancher | >= 2.12.0 < 2.12.2 | 2.12.2 |
| suse | rancher | >= 2.9.0 < 2.9.12 | 2.9.12 |