CVE-2025-54468
Published: 2025-10-02
Priority: P4 · 24 · CVSS 3.1 base score 4.7 (Medium)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
EPSS: 0.33% (25.1 percentile)
A vulnerability has been identified within Rancher Manager whereby `Impersonate-Extra-*` headers are being sent to an external entity, for example `amazonaws.com`, via the `/meta/proxy` Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses.
Affected (8 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | rancher_rancher | >= 2.10.0 < 2.10.10 | 2.10.10 |
| github.com | rancher_rancher | >= 2.11.0 < 2.11.6 | 2.11.6 |
| github.com | rancher_rancher | >= 2.12.0 < 2.12.2 | 2.12.2 |
| github.com | rancher_rancher | >= 2.9.0 < 2.9.12 | 2.9.12 |
| suse | rancher | >= 2.10.0 < 2.10.10 | 2.10.10 |
| suse | rancher | >= 2.11.0 < 2.11.6 | 2.11.6 |
| suse | rancher | >= 2.12.0 < 2.12.2 | 2.12.2 |
| suse | rancher | >= 2.9.0 < 2.9.12 | 2.9.12 |
OSV
Rancher sends sensitive information to external services through the `/meta/proxy` endpoint in github.com/rancher/rancher
osv·2025-10-23
CVE-2025-54468: Rancher sends sensitive information to external services through the `/meta/proxy` endpoint in github.com/rancher/rancher.
NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.
(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)
The additional affected modules and versions are: github.com/rancher/rancher from v2.9.0 before v2.9.12, from v2.10.0 before v2.10.10, from v2.11.0 before v2.11.6, from v2.12.0 before v2.12.2.
GHSA
Rancher sends sensitive information to external services through the `/meta/proxy` endpoint
ghsa·2025-09-26
CVE-2025-54468 · MEDIUM · CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor)
### Impact
A vulnerability has been identified within Rancher Manager whereby `Impersonate-Extra-*` headers are being sent to an external entity, for example `amazonaws.com`, via the `/meta/proxy` Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses.
If the authentication provider is configured so that the username or principal ID contains an email address or other sensitive or identifying information, then when a new cloud credential is created in Rancher Manager that information is sent to the external entity (for example `amazonaws.com` in the case of AWS cloud credentials) in the `Impersonate-Extra-Username` and/or `Impersonate-Extra-Principalid` headers.
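The failure mode above is a reverse proxy that copies a caller's inbound headers, including Kubernetes-style `Impersonate-*` identity headers, onto the outbound request to a third-party origin. The following Go program is an added example written for this page; it is not Rancher's `/meta/proxy` implementation and makes no claim about how Rancher's code is structured. It builds a minimal `/meta/proxy`-style reverse proxy with `net/http/httputil`, puts a fake "external" origin behind it, sends one request carrying constructed `Impersonate-User`, `Impersonate-Extra-Username` and `Impersonate-Extra-Principalid` values, and reports which of those headers reached the origin, first with headers forwarded verbatim (the vulnerable behaviour) and then with a Director that strips them. The function and header names other than the `Impersonate-*` ones quoted in the advisory, and the sample values, are assumptions for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
	"sort"
	"strings"
)

// Kubernetes-style impersonation headers. Impersonate-User names the caller and
// Impersonate-Extra-* carries attributes (username, principal ID, possibly an
// e-mail address). They are meaningful only to the cluster API server and must
// never be forwarded to a third-party origin.
const impersonatePrefix = "Impersonate-"

// leakedImpersonationHeaders lists the Impersonate-* headers in h, sorted:
// this is exactly what an external origin sees if h is forwarded verbatim.
func leakedImpersonationHeaders(h http.Header) []string {
	var out []string
	for name := range h {
		if strings.HasPrefix(http.CanonicalHeaderKey(name), impersonatePrefix) {
			out = append(out, name)
		}
	}
	sort.Strings(out)
	return out
}

// stripImpersonationHeaders deletes every Impersonate-* header from h in place.
func stripImpersonationHeaders(h http.Header) {
	for _, name := range leakedImpersonationHeaders(h) {
		h.Del(name)
	}
}

// newMetaProxy returns a reverse proxy to upstream. With hardened=false it
// forwards the inbound headers untouched (the behaviour the advisory
// describes); with hardened=true the Director drops impersonation headers
// before the outbound request is sent.
func newMetaProxy(upstream *url.URL, hardened bool) http.Handler {
	p := httputil.NewSingleHostReverseProxy(upstream)
	base := p.Director
	p.Director = func(r *http.Request) {
		base(r)
		r.Host = upstream.Host
		if hardened {
			stripImpersonationHeaders(r.Header)
		}
	}
	return p
}

// forwardedImpersonationHeaders stands up a fake external origin plus a
// /meta/proxy-style reverse proxy in front of it, sends one request through
// the proxy and returns the impersonation headers that reached the origin.
func forwardedImpersonationHeaders(hardened bool) []string {
	received := make(chan http.Header, 1)
	origin := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		received <- r.Header.Clone()
	}))
	defer origin.Close()

	upstream, err := url.Parse(origin.URL)
	if err != nil {
		return nil
	}
	proxy := httptest.NewServer(newMetaProxy(upstream, hardened))
	defer proxy.Close()

	req, err := http.NewRequest(http.MethodGet, proxy.URL+"/meta/proxy/example", nil)
	if err != nil {
		return nil
	}
	// Constructed sample values (not captured traffic): what an in-cluster
	// component might attach for a user whose auth provider places the e-mail
	// address in the username and principal ID.
	req.Header.Set("Impersonate-User", "u-abc123")
	req.Header.Set("Impersonate-Extra-Username", "alice@example.com")
	req.Header.Set("Impersonate-Extra-Principalid", "okta_user://alice@example.com")
	req.Header.Set("User-Agent", "meta-proxy-check")

	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return nil
	}
	resp.Body.Close()
	return leakedImpersonationHeaders(<-received)
}

func main() {
	fmt.Println("vulnerable proxy leaked:", forwardedImpersonationHeaders(false))
	fmt.Println("hardened proxy leaked:  ", forwardedImpersonationHeaders(true))
}
```

The same allow-list-by-prefix check is what to look for when testing a pre-fix deployment: point the proxied request at an origin whose access logs you control and inspect the received headers for anything beginning with `Impersonate-`. The hardened Director strips by prefix rather than by the two header names the advisory quotes, so any future `Impersonate-Extra-*` attribute is covered as well.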
OSV (osv·2025-09-26): the OSV record for this advisory carries the same title and Impact text as the GHSA entry above.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.