PT-2025-9096 · Rancher · Rancher

Andy Pitcher · Published 2025-02-27 · Updated 2025-04-11

CVE-2025-23389

CVSS v3.1: 8.4 (High)

Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions

Rancher versions 2.8.0 through 2.8.12
Rancher versions 2.9.0 through 2.9.6
Rancher versions 2.10.0 through 2.10.2
Description

A vulnerability in Rancher allows local user impersonation through SAML authentication on first login. The issue occurs when a SAML authentication provider is configured: a newly created user can impersonate any user on Rancher by manipulating cookie values during their initial login. The vulnerability can also be exploited after a Rancher user is removed. Rancher validates only a subset of the input from the SAML assertion request and trusts values that are not properly validated, which allows an attacker to set the saml Rancher UserID cookie and the saml Rancher Action cookie so that the user principal from the authentication provider is added to the user the attacker specifies.
Recommendations

For versions 2.8.0 through 2.8.12, update to version 2.8.13 or later.
For versions 2.9.0 through 2.9.6, update to version 2.9.7 or later.
For versions 2.10.0 through 2.10.2, update to version 2.10.3 or later.

As a temporary workaround for deployments that cannot upgrade, consider disabling the SAML-based authentication provider to minimize the risk of exploitation.
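The following is an added helper, not code from the advisory or from the Rancher project, that classifies a Rancher version string against the affected and fixed ranges listed above so an operator can triage a fleet inventory; the inventory dictionary in `triage` is a constructed input format assumed for illustration.

```python
# Added example (not Rancher project code): classify a Rancher version string
# against the affected/fixed ranges stated in this advisory for CVE-2025-23389.
import re

# (first affected, last affected, first fixed) per minor branch, as listed in the advisory.
ADVISORY_RANGES = {
    (2, 8): ((2, 8, 0), (2, 8, 12), (2, 8, 13)),
    (2, 9): ((2, 9, 0), (2, 9, 6), (2, 9, 7)),
    (2, 10): ((2, 10, 0), (2, 10, 2), (2, 10, 3)),
}

# Accepts "v2.9.3", "2.9.3" or "2.9.3-rc1"; the pre-release/build suffix is
# ignored for the comparison, so a release candidate of a fixed version is
# reported as fixed (confirm against the actual build if that matters to you).
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")


def parse_version(text):
    """Parse a Rancher version string into a (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Rancher version: {text!r}")
    return tuple(int(x) for x in m.groups())


def assess(text):
    """Return 'affected', 'fixed' or 'not-listed' for one version string."""
    v = parse_version(text)
    rng = ADVISORY_RANGES.get(v[:2])
    if rng is None:
        # Branch not named in the advisory (e.g. 2.7.x or 2.11.x); check separately.
        return "not-listed"
    first, last, fixed = rng
    if first <= v <= last:
        return "affected"
    if v >= fixed:
        return "fixed"
    return "not-listed"


def triage(inventory):
    """Map {hostname: version} to {hostname: status} for a fleet report."""
    return {host: assess(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; replace with your own host -> version data.
    sample = {"rancher-prod": "v2.9.6", "rancher-stage": "2.10.3", "rancher-lab": "2.11.0"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```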

Fix

Weakness Enumeration

Improper Access Control
Improper Authentication

Related Identifiers

CVE-2025-23389
GHSA-MQ23-VVG7-XFM4
GO-2025-3490
OPENSUSE-SU-2025:14889-1

Affected Products

Rancher