CVE-2025-67601
Published 2026-02-25
Priority: P4 (24) · Severity: medium · CVSS 3.1 base score: 4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS: 0.15% (4.9th percentile)
A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the `-skip-verify` flag to the Rancher CLI login command without also passing the `--cacert` flag results in the CLI attempting to fetch CA certificates stored in Rancher's `cacerts` setting.
Affected (10 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | rancher_rancher | >= 0 < 0.0.0-20260129092249-bb0625fd1896 | 0.0.0-20260129092249-bb0625fd1896 |
| github.com | rancher_rancher | >= 2.10.0 < 2.10.11 | 2.10.11 |
| github.com | rancher_rancher | >= 2.11.0 < 2.11.10 | 2.11.10 |
| github.com | rancher_rancher | >= 2.12.0 < 2.12.6 | 2.12.6 |
| github.com | rancher_rancher | >= 2.13.0 < 2.13.2 | 2.13.2 |
| suse | rancher | < 0.0.0-20260129092249-bb0625fd1896 | 0.0.0-20260129092249-bb0625fd1896 |
| suse | rancher | >= 2.10.0 < 2.10.11 | 2.10.11 |
| suse | rancher | >= 2.11.0 < 2.11.10 | 2.11.10 |
| suse | rancher | >= 2.12.0 < 2.12.6 | 2.12.6 |
| suse | rancher | >= 2.13.0 < 2.13.2 | 2.13.2 |
OSV
Rancher CLI skips TLS verification on Rancher CLI login command in github.com/rancher/rancher
osv·2026-02-02
NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.
(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)
The additional affected modules and versions are: github.com/rancher/rancher before v0.0.0-20260129092249-bb0625fd1896, from v2.10.0 before v2.10.11, from v2.11.0 before v2.11.10, from v2.12.0 before v2.12.6, from v2.13.0 before v2.13.2.
GHSA
Rancher CLI skips TLS verification on Rancher CLI login command
ghsa·2026-02-01
CVE-2025-67601 · Severity: HIGH · CWE-295
### Impact
A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the `-skip-verify` flag to the Rancher CLI login command without also passing the `--cacert` flag results in the CLI attempting to fetch CA certificates stored in Rancher's `cacerts` setting. This does not apply to any other commands and only applies to the login command if the `--cacert` flag was not provided.
An attacker with network-level access between the Rancher CLI and Rancher Manager could interfere with the TLS handshake to return a CA they control, despite the use of the `--skip-verify` flag. This may be abused to bypass TLS as a security control. Attackers can also see basic authentication headers
OSV
Rancher CLI skips TLS verification on Rancher CLI login command
osv·2026-02-01
No detection rules found.
No public exploits indexed.