CVE Catalog

CVE-2025-71261

HighCVSS 8.6
Published: Updated: Translated: NVD NIST

Summary

An attacker with network-level access between SUSE Virtualization and Rancher Manager in SUSE Harvester before version 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a security control.

Risk Assessment

The ability to bypass TLS security poses a significant risk to the confidentiality and integrity of data transmitted between components.

Recommendation

It is recommended to upgrade SUSE Harvester to version 1.8.0 or later to mitigate this vulnerability.

Original NVD description (English source)

An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a security control.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS