
A security vulnerability has been identified in Rancher, an open-source container management platform that makes it easy to run Kubernetes everywhere, meet IT requirements, and empower DevOps teams. The vulnerability, tracked as CVE-2025-23391 with a CVSS score of 9.1, poses a significant risk to Rancher deployments.
The core issue lies in how Rancher handles permissions for Restricted Administrators. The advisory states: “A vulnerability has been identified within Rancher where a Restricted Administrator can change the password of Administrators and take over their accounts.” This is a clear violation of the principle of least privilege, as “a Restricted Administrator should not be allowed to change the password of more privileged users unless it contains the Manage Users permissions.”
Essentially, the CVE-2025-23391 vulnerability allows a user with limited administrative rights to escalate their privileges and gain full control of the Rancher platform. However, it’s important to note that “Rancher deployments where the Restricted Administrator role is not being used are not affected by this CVE.”
Affected Versions
The following versions of Rancher are affected:
- >=2.8.0,<2.8.14
- >=2.9.0,<2.9.8
- >=2.10.0,<2.10.4
- <2.11.0
SUSE has released patches to address this vulnerability. The key changes introduced in the patched versions include:
- If the user has the manage-users verb, the user is allowed to edit/delete users. That way the Manage Users built-in role will still be able to edit all users.
- If the user doesn’t have manage-users but only edit or delete, then there is a check to ensure that the user being edited only has rules equal to or less than the editor’s.
Patched versions include releases v2.8.14, v2.9.8, v2.10.4, and v2.11.0.
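To make the patched decision rule concrete, here is an added illustrative Go check that is not Rancher’s own code; the Rule type, the verb names (“update” standing in for the advisory’s “edit”) and the wildcard handling are simplified assumptions. A manage-users verb short-circuits to allow; otherwise an editor holding only edit/delete rights may modify a user only when that user’s rules are a subset of the editor’s own.

```go
package main

import "fmt"

// Rule is one (verb, resource) grant; "*" is a wildcard. Hypothetical stand-in for Rancher's RBAC rules.
type Rule struct{ Verb, Resource string }

func match(pat, v string) bool { return pat == "*" || pat == v }

// grants reports whether rules allow verb on resource res.
func grants(rules []Rule, verb, res string) bool {
	for _, r := range rules {
		if match(r.Verb, verb) && match(r.Resource, res) {
			return true
		}
	}
	return false
}

// coveredBy reports whether every grant held by target is also held by editor.
func coveredBy(target, editor []Rule) bool {
	for _, t := range target {
		if !grants(editor, t.Verb, t.Resource) {
			return false
		}
	}
	return true
}

// CanEditUser mirrors the patched check: manage-users allows editing any user;
// plain update/delete rights only allow editing users with equal-or-lesser rules.
func CanEditUser(editor, target []Rule) bool {
	if grants(editor, "manage-users", "users") {
		return true
	}
	if !grants(editor, "update", "users") && !grants(editor, "delete", "users") {
		return false
	}
	return coveredBy(target, editor)
}

func main() {
	admin := []Rule{{"*", "*"}}
	restricted := []Rule{{"update", "users"}, {"delete", "users"}, {"update", "clusters"}}
	manageUsers := []Rule{{"manage-users", "users"}}
	fmt.Println(CanEditUser(restricted, admin), CanEditUser(manageUsers, admin)) // false true
}
```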
For users unable to upgrade immediately, the advisory provides the following workarounds:
- Limit access to Rancher Restricted Admin only to trusted users.
- Downgrade Restricted Administrators to custom roles with limited permissions.