A new high-severity vulnerability in the Rancher CLI could allow an attacker to harvest admin credentials under certain conditions, according to the SUSE Rancher Security Team. The flaw, tracked as CVE-2025-67601, carries a CVSS score of 8.4 and affects the login process when handling self-signed certificates, potentially bypassing TLS protections even when users believe they are protected.
The issue centres on the --skip-verify flag of the Rancher CLI login command: if it is used without explicitly providing the CA certificate via --cacert, the CLI can attempt to fetch the CA certificates stored in Rancher's cacerts setting, creating a window for interception by an attacker with network access between the admin's workstation and the Rancher Manager. From such a Man-in-the-Middle position, the attacker could see the basic authentication headers and harvest credentials in cleartext.
To address the problem, the fix removes the CLI’s ability to fetch stored CA certificates during login, requiring explicit trust anchors; patched versions include v2.13.2, v2.12.6, v2.11.10 and v2.10.11.
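The following script is an added example for defenders, not code from the advisory or from the Rancher project. It does two things the write-up above implies an administrator would want to check: it scans command lines (here a constructed shell-history sample) for `rancher login` invocations that pass `--skip-verify` without an explicit `--cacert`, which is the combination the advisory describes, and it compares a CLI version string against the patched releases listed above. The version check assumes that any later patch release within the same minor series is also fixed, and reports nothing for series the advisory does not name; the subcommand detection assumes global flags placed before `login` take no separate value argument.

```python
"""Added example (not Rancher's own code): flag risky `rancher login` invocations
and check a Rancher CLI version against the patched releases named in the advisory.
All sample command lines below are constructed for illustration."""
import re
import shlex
from typing import List, Optional, Tuple

# Patched versions taken from the advisory text. Assumption: any later patch
# release within the same minor series is also fixed.
PATCHED = {
    (2, 13): (2, 13, 2),
    (2, 12): (2, 12, 6),
    (2, 11): (2, 11, 10),
    (2, 10): (2, 10, 11),
}


def parse_version(v: str) -> Tuple[int, int, int]:
    """Parse 'v2.13.2' or '2.13.2' into a comparable (major, minor, patch) tuple."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", v.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_patched(v: str) -> Optional[bool]:
    """True/False for the minor series named in the advisory, None if the series
    is not listed there (no claim is made about it)."""
    version = parse_version(v)
    fixed = PATCHED.get(version[:2])
    if fixed is None:
        return None
    return version >= fixed


def _has_flag(argv: List[str], name: str) -> bool:
    """Match both --name and -name, with or without '=value' attached."""
    forms = (f"--{name}", f"-{name}")
    return any(tok in forms or tok.startswith(tuple(f + "=" for f in forms)) for tok in argv)


def _subcommand(argv: List[str]) -> Optional[str]:
    """First non-flag token after the binary. Assumption: global flags placed
    before the subcommand carry no separate value argument."""
    for tok in argv[1:]:
        if not tok.startswith("-"):
            return tok
    return None


def risky_login(cmdline: str) -> bool:
    """True when the command is `rancher login` with --skip-verify but without
    an explicit --cacert, the combination CVE-2025-67601 concerns."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:
        return False  # unbalanced quotes etc.; not a parseable command
    if not argv or argv[0].rsplit("/", 1)[-1] != "rancher":
        return False
    if _subcommand(argv) != "login":
        return False
    return _has_flag(argv, "skip-verify") and not _has_flag(argv, "cacert")


def audit(lines: List[str]) -> List[str]:
    """Return the command lines that should be reviewed."""
    return [line for line in lines if risky_login(line)]


# Constructed sample shell history (hostnames and token variable are placeholders).
SAMPLE_HISTORY = [
    "rancher login https://rancher.example.internal --token $TOKEN",
    "rancher login https://rancher.example.internal --token $TOKEN --skip-verify",
    "rancher login --cacert ./rancher-ca.pem --skip-verify https://rancher.example.internal",
    "/usr/local/bin/rancher --debug login https://rancher.example.internal -skip-verify",
    "rancher clusters ls",
]

if __name__ == "__main__":
    for line in audit(SAMPLE_HISTORY):
        print("review:", line)
    for ver in ("v2.13.2", "v2.13.1", "v2.9.5"):
        print(ver, "patched:", is_patched(ver))
```

Running the script on the constructed history reports the second and fourth entries (skip-verify without a CA file) and leaves the one that supplies `--cacert` alone; a version from a series the advisory does not list is reported as unknown rather than as safe.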