CVE-2025-71261
Awaiting Analysis - Queue
TLS Handshake Bypass in SUSE Harvester

Publication date: 2026-06-16

Last updated on: 2026-06-16

Assigner: SUSE

Description
An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a security control.
Meta Information
Published: 2026-06-16
Last Modified: 2026-06-16
Generated: 2026-06-16
AI Q&A: 2026-06-16
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs
Vendor   Product     Version / Range
suse     harvester   to 1.8.0 (exc)
suse     harvester   From 1.8.0 (inc)
CWE ID Description
CWE-295 The product does not validate, or incorrectly validates, a certificate.
Executive Summary

This vulnerability exists in the SUSE Virtualization (Harvester) Rancher integration mechanism. It allows a man-in-the-middle (MitM) attack because the registration client uses an insecure TLS option that does not verify the remote server’s certificate properly. This flaw lets attackers intercept or manipulate cluster registration requests between SUSE Virtualization and Rancher Manager. Additionally, the system processes response payloads without validating their size, which could cause a memory buffer overflow and crash the registration controller.

The vulnerability specifically affects the cluster registration configuration (cluster-registration-url setting) and does not impact the secured operational connectivity between SUSE Virtualization and Rancher Manager. It has a high severity score of 8.6 (CVSS v3) and is fixed in versions 1.8.0 or newer.
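
The two flaws named in the summary above, disabled certificate verification and an unbounded response read, shown as a generic Go pattern next to a hardened form. This is an added example, not Harvester's or Rancher's code; the function names, the 1024-byte limit and the local test server are assumptions made for the illustration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

var ErrTooLarge = errors.New("response exceeds size limit")

// insecureClient is the weak pattern: any certificate is accepted, so an on-path host can answer.
func insecureClient() *http.Client {
	return &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}}}
}

// verifiedClient trusts only the given CA pool; chain and hostname checks stay on.
func verifiedClient(roots *x509.CertPool) *http.Client {
	cfg := &tls.Config{RootCAs: roots, MinVersion: tls.VersionTLS12}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
}

// fetchBounded rejects a body larger than limit instead of buffering whatever the peer sends.
func fetchBounded(c *http.Client, url string, limit int64) ([]byte, error) {
	resp, err := c.Get(url)
	if err != nil {
		return nil, fmt.Errorf("registration fetch: %w", err)
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(io.LimitReader(resp.Body, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(body)) > limit {
		return nil, ErrTooLarge
	}
	return body, nil
}

func main() {
	h := func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "constructed manifest") }
	srv := httptest.NewTLSServer(http.HandlerFunc(h)) // local server, self-signed test cert
	defer srv.Close()
	_, weak := fetchBounded(insecureClient(), srv.URL, 1024)
	_, strict := fetchBounded(verifiedClient(x509.NewCertPool()), srv.URL, 1024)
	fmt.Println("insecure client error:", weak, "| verified client error:", strict)
}
```

Run against the local server, the insecure client reports no error for a certificate it has no reason to trust, while the verified client fails closed until the issuing CA is added to its pool.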

Impact Analysis

An attacker with network-level access could exploit this vulnerability to intercept or manipulate cluster registration requests, potentially gaining unauthorized access to data or modifying it. The vulnerability could also lead to service disruption by causing a memory buffer overflow that crashes the registration controller.

  • Unauthorized data access
  • Data modification
  • Service disruption due to crashes

Detection Guidance

This vulnerability involves a man-in-the-middle (MitM) attack exploiting insecure TLS options in the cluster registration client of SUSE Harvester before version 1.8.0. Detection can focus on monitoring network traffic for unusual TLS handshake behaviors or interception attempts between SUSE Virtualization and Rancher Manager.

You can use network analysis tools such as tcpdump or Wireshark to capture and inspect TLS handshake packets on the network segment between SUSE Harvester and Rancher Manager. Look for anomalies such as handshakes that complete even though the server certificate would not validate, or unexpected changes in the certificate presented.

  • Use tcpdump to capture traffic on the relevant interface and port (e.g., port 443 or the port used by cluster-registration-url): tcpdump -i <interface> port <port> -w capture.pcap
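  • Analyze the capture with Wireshark to inspect the TLS handshakes and check whether the certificate presented is the one expected from Rancher Manager. With TLS 1.3 the server certificate is encrypted in transit, so it is only visible in the capture if session keys are available.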
  • Check SUSE Harvester logs for errors or warnings related to cluster registration or TLS handshake failures.

Mitigation Strategies

The primary mitigation is to upgrade SUSE Harvester to version 1.8.0 or newer, where the vulnerability is patched.

If upgrading is not immediately possible, restrict network access to the endpoint configured in the cluster-registration-url setting to trusted hosts only, minimizing exposure to potential attackers.

Additionally, monitor and audit network traffic between SUSE Virtualization and Rancher Manager to detect and prevent man-in-the-middle attacks.
