CVE-2025-67601 PUBLISHED

Rancher CLI skips TLS verification on Rancher CLI login command

Assigner: suse
Reserved: 09.12.2025 Published: 25.02.2026 Updated: 25.02.2026

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVSS Score: 8.3

Attack Vector	Network	Scope	Changed
Attack Complexity	High	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	Required	Availability Impact	High

CVSS 3.1

Product Status

Vendor	SUSE
Product	rancher
Versions	Default: unaffected affected from 0 to 0.0.0-20260129092249-bb0625fd1896 (excl.) affected from 2.13.0 to 2.13.2 (excl.) affected from 2.12.0 to 2.12.6 (excl.) affected from 2.11.0 to 2.11.10 (excl.) affected from 2.10.0 to 2.10.11 (excl.)

References

Problem Types

CWE-295: Improper Certificate Validation CWE