Cyber Resilience

CVE-2026-25705

Severity: High
Published: 13 May 2026
Modified: 13 May 2026
KEV Added: not listed
Patch: not recorded on this page
CVSS v3.1: 8.4 (High) CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
EPSS: 0.0037 (28.7th percentile)
Risk Priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-25705 is a high-severity path traversal vulnerability (CWE-35, Path Traversal: '.../...//') affecting Suse; the vendor is inferred from the references, since NVD has not filed a CPE for this CVE. Its CVSS v3.1 base score is 8.4 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 28.7th percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog. Note the vector's PR:H and UI:R: exploitation requires privileges sufficient to deploy a `UIPlugin` resource plus a user action, so the realistic scenario is a malicious or compromised extension being installed rather than unauthenticated remote exploitation; the changed scope (S:C) reflects that the write lands outside the extension's own sandbox.


Vulnerability details

A vulnerability has been identified in [Rancher's Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside a `UIPlugin` deployment. A malicious UI extension could abuse that to:

* Overwrite Rancher binaries or configuration to inject code.
* Write to /var/lib/rancher/ to tamper with cluster state.
* If hostPath volumes are mounted, write to the host node filesystem.
* Chain this issue with other attack vectors.
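The advisory does not show where the `compressedEndpoint` value is consumed, so the following is an added illustration and not Rancher's code: it models why CWE-35 is a distinct weakness from plain `../` traversal and what a correct containment check looks like in Go (Rancher's implementation language). The directory `/srv/extensions`, the function names and the sample endpoint strings are all hypothetical. `naiveStrip` removes `../` once and lets the filesystem resolve the rest, which is exactly the filter the `.../...//` pattern defeats; `resolveEndpoint` instead canonicalizes first and checks the result against the root.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// pluginRoot is a hypothetical directory under which extension archives are
// written. It is not Rancher's real layout; the advisory does not give one.
const pluginRoot = "/srv/extensions"

// naiveStrip models a weak sanitizer that removes each "../" once and then
// lets the filesystem resolve the result. The CWE-35 pattern ".../...//"
// collapses to "../" after a single stripping pass, so the stripped path
// walks out of pluginRoot even though the raw input contained no "../".
func naiveStrip(endpoint string) string {
	stripped := strings.ReplaceAll(endpoint, "../", "")
	// filepath.Clean stands in for the kernel's path resolution at open().
	return filepath.Clean(pluginRoot + "/" + stripped)
}

// resolveEndpoint canonicalizes the untrusted endpoint under pluginRoot and
// rejects anything that does not stay inside it. Because the check runs on
// the cleaned result, it does not matter how a traversal was spelled; a
// ".../...//" component is just an odd directory name that stays in place.
func resolveEndpoint(endpoint string) (string, error) {
	switch {
	case endpoint == "":
		return "", errors.New("empty endpoint")
	case strings.ContainsRune(endpoint, 0):
		return "", errors.New("endpoint contains NUL")
	case filepath.IsAbs(endpoint):
		return "", errors.New("absolute endpoint not allowed")
	}
	full := filepath.Join(pluginRoot, endpoint) // Join also applies Clean
	if !strings.HasPrefix(full, pluginRoot+string(filepath.Separator)) {
		return "", fmt.Errorf("endpoint %q escapes %s", endpoint, pluginRoot)
	}
	return full, nil
}

func main() {
	// Constructed inputs: a benign archive path, a CWE-35 style payload that
	// only becomes a traversal after naive stripping, and a plain traversal.
	inputs := []string{
		"my-plugin/1.0.0/plugin.tar.gz",
		".../...//.../...//var/lib/rancher/tampered",
		"../../var/lib/rancher/tampered",
	}
	for _, in := range inputs {
		fmt.Printf("input:  %s\n", in)
		fmt.Printf("naive:  %s\n", naiveStrip(in))
		if p, err := resolveEndpoint(in); err != nil {
			fmt.Printf("strict: rejected (%v)\n\n", err)
		} else {
			fmt.Printf("strict: %s\n\n", p)
		}
	}
}
```

The containment check here is lexical only. If the archive being extracted can itself contain symlinks, or if the root directory is attacker-influenced, resolve the final path with `filepath.EvalSymlinks` (or open it with `openat2` and `RESOLVE_BENEATH` on Linux) before writing, and re-check the prefix on the resolved path; otherwise a symlink planted inside the root re-creates the same write-anywhere primitive without any `..` in the path.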


Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1543.003 Windows Service (Persistence)
Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence.
T1574 Hijack Execution Flow (Persistence, Privilege Escalation, Defense Evasion)
Adversaries may execute their own malicious payloads by hijacking the way operating systems run programs.
Why these techniques?

The path traversal yields an arbitrary file write on the Rancher server, which is the foothold behind T1190 (exploitation of a public-facing application). Overwriting Rancher binaries or configuration turns that write into code execution that survives restarts, which this mapping attributes to modified services (T1543.003) and to execution hijacking (T1574). One caveat: T1543.003 is Windows-specific, while Rancher runs as a Linux container on Kubernetes, so for the persistence leg Systemd Service (T1543.002) or Container Service (T1543.005) is the closer fit.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-41723 (shared CWE-35)
CVE-2025-24685 (shared CWE-35)
CVE-2025-42937 (shared CWE-35)
CVE-2026-25397 (shared CWE-35)
CVE-2026-7302 (shared CWE-35)
CVE-2025-67914 (shared CWE-35)
CVE-2025-59793 (shared CWE-35)
CVE-2024-49249 (shared CWE-35)
CVE-2025-25122 (shared CWE-35)
CVE-2025-26354 (shared CWE-35)

Affected Assets

Suse (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References