CVE-2025-62879 — Log File Information Exposure in Rancher

CWE-532 — Log File Information Exposure6 documents5 sources

Severity

4.9MEDIUMNVD

CNA6.8

EPSS

0.0%

top 97.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Suse Rancher Github.com Rancher Backup-restore-operator Suse Rancher Backup AND Restore Operator

Timeline

PublishedMar 4

Latest updateMar 10

Description

A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages3 packages

▶NVDsuse/rancher_backup_and_restore_operator6.0.0 — 6.0.3+3

▶Gogithub.com/rancher_backup-restore-operator9.0.0 — 9.0.1+3

▶CVEListV5suse/rancher9.0.0 — 9.0.1+3

🔴Vulnerability Details

OSV

Rancher Backup Operator pod's logs leak S3 tokens in github.com/rancher/backup-restore-operator↗2026-03-10

▶

CVEList

Rancher Backup Operator pod's logs leak S3 tokens↗2026-03-04

▶

GHSA

Rancher Backup Operator pod's logs leak S3 tokens↗2026-03-03

▶

OSV

Rancher Backup Operator pod's logs leak S3 tokens↗2026-03-03

▶

🕵️Threat Intelligence

Wiz

CVE-2025-62879 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶