September 1, 2025
The SUSE Rancher Security Team has issued a security advisory addressing a high-severity vulnerability in Rancher Manager, a popular open-source container management platform widely used to manage Kubernetes clusters in production. Tracked as CVE-2024-58259, the flaw carries a CVSS score of 8.2 and could allow both unauthenticated and authenticated attackers to cause denial-of-service (DoS) conditions.
Rancher is an open source container management platform built for organizations that deploy containers in production. Rancher makes it easy to run Kubernetes everywhere, meet IT requirements, and empower DevOps teams.
Its widespread use across cloud and on-premises environments makes any disruption potentially impactful to enterprise operations.
The issue arises because Rancher Manager did not enforce request body size limits on certain public and authenticated API endpoints. According to the advisory, “This allows a malicious user to exploit this by sending excessively large payloads, which are fully loaded into memory during processing.”
This behavior could lead to critical consequences:
- Denial of Service (DoS): The server process may crash or become unresponsive when memory consumption exceeds available resources.
- Unauthenticated and authenticated exploitation: While the issue was initially observed in unauthenticated /v3-public/ endpoints, the absence of request body size limits also affected several authenticated APIs, broadening the potential attack surface.
In practical terms, by flooding vulnerable endpoints with oversized binary or text payloads, an attacker could disrupt Rancher’s availability and impact both administrative and user operations across managed Kubernetes clusters.
SUSE addressed the issue by introducing default safeguards. “This vulnerability is addressed by adding a default limit of 1MiB and a setting in case this value needs to be increased.”
Patched versions include:
- Rancher v2.12.1
- Rancher v2.11.5
- Rancher v2.10.9
- Rancher v2.9.12
For administrators unable to immediately upgrade, the advisory provides a temporary mitigation path. “If you can’t upgrade to a fixed version, please make sure that you are manually setting the request body size limits. For example, using nginx-ingress controller and only allowing requests via the ingress.”
Detailed instructions are available in the SUSE Knowledge Base article.
Related Posts:
- OpenVPN Driver Flaw: Local Users Can Crash Windows Systems via Buffer Overflow
- PHP Flaws: CVE-2025-1735 (SQLi/Crash) & CVE-2025-6491 (SOAP DoS) Threaten PHP Apps
- CVE-2022-45157 (CVSS 9.1): Critical Security Flaw in Rancher Exposes vSphere Credentials in Plaintext
- CVE-2024-22036 (CVSS 9.1): Critical RCE Vulnerability Discovered in SUSE Rancher
- Rancher Users: Update Now to Fix Admin Takeover Bug (CVE-2025-23391)
