CVE-2025-67601 — Improper Certificate Validation in Rancher

CWE-295 — Improper Certificate Validation6 documents5 sources

Severity

4.8MEDIUMNVD

CNA8.3

EPSS

0.0%

top 99.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Suse Rancher Github.com Rancher Rancher

Timeline

PublishedFeb 25

Description

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 2.2 | Impact: 2.5

Affected Packages3 packages

▶CVEListV5suse/rancher2.13.0 — 2.13.2+4

▶NVDsuse/rancher2.10.0 — 2.10.11+3

▶Gogithub.com/rancher_rancher2.13.0 — 2.13.2+4

🔴Vulnerability Details

CVEList

Rancher CLI skips TLS verification on Rancher CLI login command↗2026-02-25

▶

OSV

Rancher CLI skips TLS verification on Rancher CLI login command in github.com/rancher/rancher↗2026-02-02

▶

GHSA

Rancher CLI skips TLS verification on Rancher CLI login command↗2026-02-01

▶

OSV

Rancher CLI skips TLS verification on Rancher CLI login command↗2026-02-01

▶

🕵️Threat Intelligence

Wiz

CVE-2025-67601 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶