EXECUTIVE SUMMARY:
A high-severity security vulnerability, CVE-2025-67601, was discovered in the Rancher CLI login command within the Rancher Manager ecosystem. Improper handling of TLS verification when a self-signed CA certificate is used allows the CLI, under certain insecure connection configurations, to fetch and trust an attacker-controlled certificate. An attacker with network access between the CLI and the server can abuse this flaw to interfere with the TLS handshake, effectively bypassing TLS protections and exposing the basic authentication headers, which may lead to man-in-the-middle (MITM) compromise of credentials and unauthorized access to Rancher Manager resources. The issue affects multiple versions of Rancher prior to the patched releases; upgrading to a fixed Rancher CLI version that enforces strict certificate validation is strongly recommended to mitigate the risk of exploitation. The vulnerability has a CVSS score of 8.4.
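As an added illustration (not Rancher's code and not part of the advisory), the following Go snippet contrasts the weak client setting, disabled certificate verification, with a configuration that trusts only a CA the operator supplied out of band; the host names and the issue helper that builds in-memory test certificates are constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"time"
)

// strictConfig trusts only a CA supplied by the operator out of band (e.g. a self-signed CA file), never one fetched from the server itself.
func strictConfig(caPEM []byte) (*tls.Config, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, errors.New("no valid CA certificate in PEM input")
	}
	return &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}, nil
}

// verifyLeaf performs the chain and hostname checks a handshake under cfg would.
func verifyLeaf(cfg *tls.Config, leafDER []byte, host string) error {
	if cfg.InsecureSkipVerify { // the weak setting: nothing is checked at all
		return nil
	}
	leaf, err := x509.ParseCertificate(leafDER)
	if err == nil {
		_, err = leaf.Verify(x509.VerifyOptions{Roots: cfg.RootCAs, DNSName: host})
	}
	return err
}

// issue makes a throwaway cert for host (constructed test data, valid one hour): a self-signed CA if parent is nil, else a leaf signed by parent.
func issue(host string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (der, pemOut []byte, key *ecdsa.PrivateKey, err error) {
	key, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: host},
		DNSNames: []string{host}, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil { // self-signed CA: sign with its own key
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	if der, err = x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey); err != nil {
		return nil, nil, nil, err
	}
	return der, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), key, nil
}
```

With the strict configuration a certificate that does not chain to the operator's CA, or that is issued for a different host, is rejected before any Authorization header is sent.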
RECOMMENDATION:
We strongly recommend updating Rancher as described at the link below:
REFERENCES:
The following reports contain further technical details: