Rancher: Restricted Admin Can Modify Administrator Passwords - Proactive Insights and Support For Open-Source Applications

In Rancher versions from 2.8.0 before 2.8.14, 2.9.0 before 2.9.8, 2.10.0 before 2.10.4 and prior to 2.11.0 a critical severity vulnerability CVE-2025-23391 was detected. This vulnerability allows a Restricted Administrator to change the passwords of full Administrators, potentially leading to account takeover. To address this issue, users should upgrade Rancher to versions 2.8.14, 2.9.8, 2.11.0 or 2.10.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-23391.