
SUSE has released security advisories for two high-severity vulnerabilities in Rancher, its open-source Kubernetes management platform. The flaws, tracked as CVE-2025-23388 (CVSS 8.2) and CVE-2025-23389 (CVSS 8.4), allow an unauthenticated attacker to crash the Rancher server (denial of service) and an authenticated user to impersonate other users, respectively.
CVE-2025-23388 (CVSS 8.2): Unauthenticated Stack Overflow in /v3-public/authproviders API
This vulnerability allows an unauthenticated attacker to crash the Rancher server by sending crafted data to the /v3-public/authproviders endpoint. The /v3-public API is reachable without credentials by design, because it serves the login flow, so nothing in front of Rancher stops the request. The attacker cannot use the endpoint to write data into Rancher, but they do not need to: Rancher is a Go process, and a stack overflow in Go is a fatal runtime error that cannot be caught with recover(), so the crash is a process abort rather than a memory-corruption primitive. Each crash disrupts the service and locks out legitimate users until the server is restarted, and the request can simply be repeated.
CVE-2025-23389 (CVSS 8.4): Improper Account Binding Validation in SAML Authentication
This vulnerability allows a local Rancher user (one who already holds an account on the server) to impersonate any other user by manipulating cookie values during their first login through a SAML authentication provider, the point at which Rancher binds the incoming SAML identity to a Rancher account. Because the binding is not validated properly, the attacker can attach their SAML identity to someone else's account, including an administrator's, and from there read sensitive data and perform administrative actions.
Impact
Both vulnerabilities affect Rancher v2.8.12 and earlier, v2.9.6 and earlier, and v2.10.2 and earlier. SUSE has released the patched versions v2.8.13, v2.9.7 and v2.10.3. Users are strongly advised to upgrade to the patched release of their line as soon as possible.
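As an added example, not code from the advisory or from the Rancher project, the following Go program encodes the version ranges above and classifies a Rancher server version string as affected, patched, or outside the lines the advisory lists. The sample inputs in main are constructed; the `fixedPatch` table and the `Assess` helper are this example's own names.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Status of a Rancher server version with respect to CVE-2025-23388 and
// CVE-2025-23389.
type Status int

const (
	Affected Status = iota // older than the first fixed release of its line
	Patched                // at or beyond the first fixed release of its line
	Unknown                // release line not covered by the advisory text
)

func (s Status) String() string {
	switch s {
	case Affected:
		return "AFFECTED"
	case Patched:
		return "PATCHED"
	default:
		return "UNKNOWN (release line not listed in the advisory)"
	}
}

// fixedPatch maps a Rancher release line (major.minor) to the first patch
// release carrying both fixes, as listed in the advisory.
var fixedPatch = map[string]int{
	"2.8":  13,
	"2.9":  7,
	"2.10": 3,
}

// parseVersion accepts "v2.10.2", "2.10.2" or "v2.10.3-rc1" and returns the
// numeric components plus any pre-release suffix (empty for final releases).
// Build metadata after "+" is ignored, as semver precedence rules require.
func parseVersion(raw string) (major, minor, patch int, pre string, err error) {
	v := strings.TrimPrefix(strings.TrimSpace(raw), "v")
	if i := strings.Index(v, "+"); i >= 0 {
		v = v[:i]
	}
	if i := strings.Index(v, "-"); i >= 0 {
		pre = v[i+1:]
		v = v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) != 3 {
		return 0, 0, 0, "", fmt.Errorf("unexpected version format %q", raw)
	}
	var nums [3]int
	for i, p := range parts {
		n, convErr := strconv.Atoi(p)
		if convErr != nil || n < 0 {
			return 0, 0, 0, "", fmt.Errorf("non-numeric component %q in %q", p, raw)
		}
		nums[i] = n
	}
	return nums[0], nums[1], nums[2], pre, nil
}

// Assess classifies a Rancher server version string. A pre-release of the
// first fixed patch (e.g. v2.10.3-rc1) is treated as Affected: it sorts
// before the final release and may predate the fix, so err on the safe side.
func Assess(version string) (Status, error) {
	major, minor, patch, pre, err := parseVersion(version)
	if err != nil {
		return Unknown, err
	}
	fixed, ok := fixedPatch[fmt.Sprintf("%d.%d", major, minor)]
	if !ok {
		return Unknown, nil
	}
	if patch > fixed || (patch == fixed && pre == "") {
		return Patched, nil
	}
	return Affected, nil
}

func main() {
	// Constructed sample inputs; in practice feed in the version string read
	// from your own Rancher server (see the usage note below).
	samples := []string{"v2.8.12", "v2.8.13", "v2.9.6", "v2.10.2", "v2.10.3", "v2.10.3-rc1", "v2.7.15", "bogus"}
	for _, v := range samples {
		status, err := Assess(v)
		if err != nil {
			fmt.Printf("%-12s error: %v\n", v, err)
			continue
		}
		fmt.Printf("%-12s %s\n", v, status)
	}
}
```

The running version is stored in Rancher's `server-version` setting, which can be read from the upstream (local) cluster with `kubectl get settings.management.cattle.io server-version -o jsonpath='{.value}'` and passed to `Assess`. A result of UNKNOWN means the line is not one the advisory enumerates (for example an end-of-life 2.7.x), which is a reason to check SUSE's support status for that line, not a clean bill of health.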
Workarounds
There is no workaround for CVE-2025-23388; the only fix is to upgrade. For CVE-2025-23389, deployments that cannot upgrade immediately can temporarily disable the SAML authentication provider, at the cost of blocking SAML logins for every user until it is re-enabled (users then have to sign in through another configured provider or a local account). Upgrading to a patched release remains the recommended solution.
Organizations using Rancher should prioritize patching their systems to mitigate the risk of potential attacks.