CVE-2025-23389

Published Apr 11, 2025

Last updated 2 months ago

Overview

Description
An Improper Access Control vulnerability in SUSE Rancher allows a local user to impersonate other identities through SAML authentication on first login. This issue affects Rancher from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, and from 2.10.0 before 2.10.3.
Source: meissner@suse.de
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 8.4
Impact score: 6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Severity: HIGH

Weaknesses

meissner@suse.de: CWE-284

Social media

Hype score: Not currently trending
  1. 🚨 CVE-2025-23389 🔴 HIGH (8.4) 🏢 SUSE - rancher 🏗️ 2.8.0 🔗 https://t.co/CzuxpU3EZR 🔗 https://t.co/oOyx0h9NcU #CyberCron #VulnAlert #InfoSec https://t.co/BtvWafmTCC

    @cybercronai

    11 Apr 2025

  2. CVE-2025-23389 A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This issue aff… https://t.co/l1UNwrZ7dB

    @CVEnew

    11 Apr 2025

  3. SUSE has warned of critical vulnerabilities in Rancher (CVE-2025-23388 & CVE-2025-23389) that could lead to DoS attacks and user impersonation. Immediate upgrades are essential. #Rancher #SUSE #USA link: https://t.co/1BEZSjjI1g https://t.co/a6s1Cy2Sd8

    @TweetThreatNews

    4 Mar 2025

  4. Flaws in Rancher (CVE-2025-23388 & CVE-2025-23389) Expose Kubernetes Environments to Attacks https://t.co/P3LPNq4vEx

    @Dinosn

    4 Mar 2025

  5. ⚠️ Vulnerability Alert: Flaws in Rancher 📅 Timeline: Disclosure: 2025-03-01, Patch: 2025-02-27 🆔cveId: CVE-2025-23388, CVE-2025-23389 📊baseScore: 8.2, 8.4 cvssSeverity: High 🟠 🛠️exploitMaturity: Not Available 📂affectedVersions: - v2.8.12 and earlier - v2.9.6 and… http

    @syedaquib77

    4 Mar 2025

  6. Flaws in Rancher (CVE-2025-23388 & CVE-2025-23389) Expose Kubernetes Environments to Attacks These flaws, identified as CVE-2025-23388 and CVE-2025-23389, could allow attackers to launch denial-of-service (DoS) attacks and impersonate users https://t.co/QjH9CmE5iF

    @the_yellow_fall

    4 Mar 2025
