CVE Reports

Originally published at cvereports.com

CVE-2021-25320: Privilege Escalation via Improper Access Control in Rancher Proxy

Vulnerability ID: CVE-2021-25320
CVSS Score: 9.9
Published: 2026-03-03

A critical improper access control vulnerability exists in Rancher's /meta/proxy endpoint, allowing authenticated users to bypass authorization checks. By manipulating the proxy request, an attacker can use cloud credentials they do not own and inject impersonation headers to escalate privileges. This flaw enables unauthorized modification of cloud infrastructure and potential cluster takeover.

TL;DR

Authenticated users can abuse the Rancher API proxy to execute commands using arbitrary cloud credentials and impersonate privileged users via unstripped HTTP headers. Fixed in versions 2.4.16 and 2.5.9.

⚠️ Exploit Status: PoC

Technical Details

  • CWE ID: CWE-284 (Improper Access Control)
  • CVSS v3.1: 9.9 (Critical)
  • Attack Vector: Network
  • EPSS Score: 0.00199 (0.20%)
  • Privileges Required: Low
  • Exploit Status: PoC Available

Affected Systems

  • Rancher v2.4.x prior to 2.4.16 (fixed in 2.4.16)
  • Rancher v2.5.x prior to 2.5.9 (fixed in 2.5.9)

Code Analysis

  • Commit c29a771: fix for the 2.4.x branch, implementing permission checks and header stripping
  • Commit 3c54189: fix for the 2.5.x branch, implementing permission checks and header stripping
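The two controls the fix commits describe, a permission check on the credential and stripping of impersonation headers before forwarding, as an added illustration in Go. This is not Rancher's code; the credential ownership table, the user and credential IDs, and the header set are constructed for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Constructed ownership table (credential ID -> owning user); not Rancher's real model.
var credentialOwners = map[string]string{"cred-aws-1": "user-alice", "cred-gcp-2": "user-bob"}

// isImpersonationHeader matches Kubernetes-style impersonation headers a proxy must never forward.
func isImpersonationHeader(name string) bool {
	n := strings.ToLower(name)
	return n == "impersonate-user" || n == "impersonate-group" ||
		n == "impersonate-uid" || strings.HasPrefix(n, "impersonate-extra-")
}

// authorizeCredential is the permission check the vulnerable endpoint lacked:
// a caller may only proxy with a credential recorded as their own.
func authorizeCredential(callerID, credentialID string) error {
	if owner, ok := credentialOwners[credentialID]; !ok || owner != callerID {
		return fmt.Errorf("forbidden: %s may not use credential %s", callerID, credentialID)
	}
	return nil
}

// prepareProxyRequest is the hardened flow: authorize first, then return a copy of
// the headers with every impersonation header removed before forwarding.
func prepareProxyRequest(callerID, credentialID string, in http.Header) (http.Header, error) {
	if err := authorizeCredential(callerID, credentialID); err != nil {
		return nil, err
	}
	out := in.Clone()
	for name := range in {
		if isImpersonationHeader(name) {
			delete(out, name) // exact-key delete so non-canonical spellings are dropped too
		}
	}
	return out, nil
}

func main() {
	// Constructed request: user-bob borrows alice's credential and smuggles Impersonate-User.
	h := http.Header{"Impersonate-User": {"admin"}, "X-Request-Id": {"demo"}}
	_, err := prepareProxyRequest("user-bob", "cred-aws-1", h)
	fmt.Println("bob:", err)
	out, _ := prepareProxyRequest("user-alice", "cred-aws-1", h)
	fmt.Println("alice:", out)
}
```

Ordering matters: the ownership check runs before any header handling, so an unauthorized caller never reaches the forwarding path at all.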

Mitigation Strategies

  • Upgrade Rancher to a patched version (2.4.16 or 2.5.9) immediately.
  • Rotate all cloud credentials stored in Rancher.
  • Review cloud provider audit logs (AWS CloudTrail, Azure Monitor) for unauthorized API actions.

Remediation Steps:

  1. Identify current Rancher version via the UI footer or API.
  2. Back up the Rancher server configuration and database.
  3. Pull the patched Docker image (e.g., rancher/rancher:v2.5.9).
  4. Redeploy the Rancher container or Helm chart with the new version.
  5. Verify the upgrade by checking the version number.
  6. Rotate cloud keys in the Cloud Credentials section.

Read the full report for CVE-2021-25320 on our website for more details including interactive diagrams and full exploit analysis.