Critical severity9.1OSV Advisory· Published Apr 11, 2025· Updated Apr 15, 2026
CVE-2025-23391
CVE-2025-23391
Description
A Incorrect Privilege Assignment vulnerability in SUSE rancher allows a Restricted Administrator to change the password of Administrators and take over their accounts. This issue affects rancher: from 2.8.0 before 2.8.14, from 2.9.0 before 2.9.8, from 2.10.0 before 2.10.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/rancher/rancherGo | >= 2.8.0, < 2.8.14 | 2.8.14 |
github.com/rancher/rancherGo | >= 2.9.0, < 2.9.8 | 2.9.8 |
github.com/rancher/rancherGo | >= 2.10.0, < 2.10.4 | 2.10.4 |
Affected products
3- ghsa-coords2 versionspkg:golang/github.com/rancher/rancherpkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
>= 2.8.0, < 2.8.14+ 1 more
- (no CPE)range: >= 2.8.0, < 2.8.14
- (no CPE)range: < 0.0.20250402T160203-1.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.