CVE-2025-23388 HIGH

CVE-2025-23388: Unauthenticated stack overflow in /v3-public/authproviders API

Vendor Suse
Product rancher
Weakness CWE-121
Published April 11, 2025
Last update April 15, 2025

CVSS base score

8.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

What the vulnerability does

01Description

A Stack-based Buffer Overflow vulnerability in SUSE rancher allows for denial of service.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.

Key dates

02Disclosure timeline

April 11, 2025 CVE published
April 15, 2025 Record updated