Rancher CLI skips TLS verification on Rancher CLI login command
Description
A vulnerability has been identified in Rancher Manager: when self-signed CA certificates are in use and the --skip-verify flag is passed to the Rancher CLI login command without also passing the --cacert flag, the CLI attempts to fetch the CA certificates stored in Rancher's cacerts setting.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Rancher CLI login command with --skip-verify and no --cacert fetches CA certificates from Rancher's cacerts setting, enabling TLS bypass and MITM attacks.
A vulnerability in Rancher Manager (CVE-2025-67601) arises when the CLI login command is used against an instance with self-signed CA certificates and the --skip-verify flag is set but the --cacert flag is not. In this scenario the CLI fetches the CA certificates stored in Rancher's cacerts setting and uses them in place of an explicitly supplied, verified CA [1][2][4].
An attacker with network-level access between the Rancher CLI and Rancher Manager can interfere with the TLS handshake and return a CA they control. Because --skip-verify has disabled verification on the connection over which that CA is fetched, the CLI accepts the attacker's CA as its trust anchor, so TLS no longer functions as a security control and the attacker can potentially read the basic-authentication headers the CLI sends, a Man-in-the-Middle (MITM) attack [4].
The impact is a bypass of TLS verification, with potential credential exposure and unauthorized access as a result. Other CLI commands are not affected; only the login command is, and only when the --cacert flag is omitted [2][4].
The issue is fixed in Rancher v2.13.2, v2.12.6, v2.11.10 and v2.10.11, which remove the ability to fetch CA certificates from the cacerts setting during login. If upgrading is not possible, the workaround is to always pass the CA certificate explicitly with the --cacert flag when running the login command [1][4].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
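To make the mechanics above concrete, the following Go program is an added example written for this page, not code from the Rancher CLI or from the advisory. It stands up two throwaway TLS servers in memory, one whose certificate chains to a legitimate CA and one whose certificate chains to an attacker CA (the attacker server plays the man in the middle), and each serves its own CA from a /v3/settings/cacerts path that stands in for Rancher's cacerts setting; that path, the certificate names and the loginVulnerable/loginFixed functions are assumptions for illustration. loginVulnerable reproduces the pre-fix pattern of fetching the CA with verification disabled and then trusting it; loginFixed accepts only a CA the operator supplies, which is what passing --cacert achieves.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"io"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// issue signs tmpl with parent (self-signed when parent is nil). All keys and
// certificates are generated in memory for this example only.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if parent == nil { parent, parentKey = tmpl, key }
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(time.Hour)
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	return issue(&x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}, nil, nil)
}

// startServer runs a TLS server on 127.0.0.1 with a leaf signed by ca. Its /v3/settings/cacerts
// endpoint returns ca's PEM, standing in for Rancher's cacerts setting (path assumed for the demo).
func startServer(ca *x509.Certificate, caKey *ecdsa.PrivateKey) *httptest.Server {
	leaf, leafKey := issue(&x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "rancher"},
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1)}}, ca, caKey)
	caPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: ca.Raw})
	mux := http.NewServeMux()
	mux.HandleFunc("/v3/settings/cacerts", func(w http.ResponseWriter, _ *http.Request) { w.Write(caPEM) })
	srv := httptest.NewUnstartedServer(mux)
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{leaf.Raw}, PrivateKey: leafKey}}}
	srv.StartTLS()
	return srv
}

// getCACerts fetches the cacerts setting under the given client-side TLS policy.
func getCACerts(url string, cfg *tls.Config) ([]byte, error) {
	c := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
	resp, err := c.Get(url + "/v3/settings/cacerts")
	if err != nil { return nil, err }
	defer resp.Body.Close()
	return io.ReadAll(resp.Body)
}

// verifiedLogin connects with full certificate verification against caPEM and nothing else.
func verifiedLogin(url string, caPEM []byte) error {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) { return fmt.Errorf("no CA certificate in bundle") }
	_, err := getCACerts(url, &tls.Config{RootCAs: pool})
	return err
}

// loginVulnerable models the pre-fix path: --skip-verify without --cacert fetches the cacerts setting
// with verification disabled and promotes the answer to the trust anchor, so whoever answers chooses the CA.
func loginVulnerable(url string, cacert []byte) error {
	if cacert == nil {
		fetched, err := getCACerts(url, &tls.Config{InsecureSkipVerify: true})
		if err != nil { return err }
		cacert = fetched
	}
	return verifiedLogin(url, cacert)
}

// loginFixed models the patched path: the only trust anchor is the one the operator supplied.
func loginFixed(url string, cacert []byte) error {
	if cacert == nil { return fmt.Errorf("no CA supplied: pass --cacert; a CA learned over an unverified connection is not trusted") }
	return verifiedLogin(url, cacert)
}

// RunDemo pits both login paths against a legitimate server and an attacker endpoint playing the MITM.
// It reports whether the vulnerable path trusted the attacker, whether the fixed path rejected the
// attacker, and whether the fixed path still accepts the real server.
func RunDemo() (vulnTrustsAttacker, fixedRejectsAttacker, fixedAcceptsLegit bool) {
	legitCA, legitKey := newCA("legit-rancher-ca")
	mitmCA, mitmKey := newCA("attacker-ca")
	legit, mitm := startServer(legitCA, legitKey), startServer(mitmCA, mitmKey)
	defer legit.Close()
	defer mitm.Close()
	legitPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: legitCA.Raw})
	return loginVulnerable(mitm.URL, nil) == nil,
		loginFixed(mitm.URL, legitPEM) != nil,
		loginFixed(legit.URL, legitPEM) == nil
}

func main() { fmt.Println(RunDemo()) }
```

Run it with go run: the vulnerable path completes a "verified" login to the attacker endpoint without error, because the CA it verifies against is the one the attacker served, while the fixed path fails with an unknown-authority error against the attacker and still succeeds against the real server. The lesson generalizes beyond Rancher: a trust anchor learned over a connection whose verification was disabled is attacker-chosen and must never be promoted to a root of trust; it has to come from the operator out of band, which is exactly what --cacert provides.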
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| github.com/rancher/rancher | Go | < 0.0.0-20260129092249-bb0625fd1896 | 0.0.0-20260129092249-bb0625fd1896 |
| github.com/rancher/rancher | Go | >= 2.13.0, < 2.13.2 | 2.13.2 |
| github.com/rancher/rancher | Go | >= 2.12.0, < 2.12.6 | 2.12.6 |
| github.com/rancher/rancher | Go | >= 2.11.0, < 2.11.10 | 2.11.10 |
| github.com/rancher/rancher | Go | >= 2.10.0, < 2.10.11 | 2.10.11 |
Affected products
- SUSE/rancher
Patches
No patches discovered yet.
References
- [1] github.com/advisories/GHSA-mc24-7m59-4q5p (advisory)
- [2] nvd.nist.gov/vuln/detail/CVE-2025-67601 (advisory)
- [3] attack.mitre.org/techniques/T1557 (web)
- [4] bugzilla.suse.com/show_bug.cgi (web)
- [5] github.com/rancher/rancher/releases/tag/v2.13.2 (web)
- [6] github.com/rancher/rancher/security/advisories/GHSA-mc24-7m59-4q5p (web)