CVE-2025-71261
Awaiting Analysis Awaiting Analysis - Queue

TLS Handshake Bypass in SUSE Harvester

Vulnerability report for CVE-2025-71261, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-16

Last updated on: 2026-06-16

Assigner: SUSE

Description

An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a security control.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-16
Last Modified
2026-06-16
Generated
2026-07-06
AI Q&A
2026-06-16
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
suse harvester to 1.8.0 (exc)
suse harvester From 1.8.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-295 The product does not validate, or incorrectly validates, a certificate.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the SUSE Virtualization (Harvester) Rancher integration mechanism. It allows a man-in-the-middle (MitM) attack because the registration client uses an insecure TLS option that does not verify the remote server’s certificate properly. This flaw lets attackers intercept or manipulate cluster registration requests between SUSE Virtualization and Rancher Manager. Additionally, the system processes response payloads without validating their size, which could cause a memory buffer overflow and crash the registration controller.

The vulnerability specifically affects the cluster registration configuration (cluster-registration-url setting) and does not impact the secured operational connectivity between SUSE Virtualization and Rancher Manager. It has a high severity score of 8.6 (CVSS v3) and is fixed in versions 1.8.0 or newer.

Impact Analysis

An attacker with network-level access could exploit this vulnerability to intercept or manipulate cluster registration requests, potentially gaining unauthorized access to data or modifying it. The vulnerability could also lead to service disruption by causing a memory buffer overflow that crashes the registration controller.

  • Unauthorized data access
  • Data modification
  • Service disruption due to crashes
Detection Guidance

This vulnerability involves a man-in-the-middle (MitM) attack exploiting insecure TLS options in the cluster registration client of SUSE Harvester before version 1.8.0. Detection can focus on monitoring network traffic for unusual TLS handshake behaviors or interception attempts between SUSE Virtualization and Rancher Manager.

You can use network analysis tools such as tcpdump or Wireshark to capture and inspect TLS handshake packets on the network segment between SUSE Harvester and Rancher Manager. Look for anomalies such as TLS handshakes that do not properly verify certificates or unexpected certificate changes.

  • Use tcpdump to capture traffic on the relevant interface and port (e.g., port 443 or the port used by cluster-registration-url): tcpdump -i <interface> port <port> -w capture.pcap
  • Analyze the capture with Wireshark to inspect TLS handshakes and verify if certificate validation is occurring properly.
  • Check SUSE Harvester logs for errors or warnings related to cluster registration or TLS handshake failures.
Mitigation Strategies

The primary mitigation is to upgrade SUSE Harvester to version 1.8.0 or newer, where the vulnerability is patched.

If upgrading is not immediately possible, restrict network access to the cluster-registration-url setting to trusted hosts only, minimizing exposure to potential attackers.

Additionally, monitor and audit network traffic between SUSE Virtualization and Rancher Manager to detect and prevent man-in-the-middle attacks.

Compliance Impact

This vulnerability allows a man-in-the-middle (MitM) attacker to bypass TLS security controls, potentially leading to unauthorized data access, modification, or service disruption.

Such unauthorized access and data manipulation could result in non-compliance with data protection standards and regulations like GDPR and HIPAA, which require the protection of sensitive data in transit and the prevention of unauthorized access.

Therefore, this vulnerability poses a risk to maintaining compliance with these regulations by undermining the confidentiality and integrity of data communications.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71261. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart