CVE-2025-62879 — Vulnetix

CVE-2025-62879 PUBLISHED CVSS 6.800000190734863 MEDIUM

A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs.

EPSS 0.01% · 2.2th percentile

Risk Scores

CVSS v3.1

6.800000190734863

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

EPSS Score

0.01%

2.2th percentile

Affected Products

Vendor	Product	Versions
SUSE	Rancher	9.0.0, 8.0.0, 7.0.0
suse	rancher_backup_and_restore_operator	6.0.0, 8.0.0, 9.0.0
github.com	rancher/backup-restore-operator	9.0.0, 8.0.0, 6.0.0

Timeline

Mar 3, 2026 CVE Published
Mar 4, 2026 CVE Updated
Mar 4, 2026 PoC Published
Mar 5, 2026 EPSS Score
Mar 6, 2026 EPSS Score
Mar 7, 2026 EPSS Score
Mar 8, 2026 EPSS Score
Mar 9, 2026 EPSS Score
Mar 10, 2026 EPSS Score
Mar 11, 2026 EPSS Score
Mar 12, 2026 EPSS Score
Mar 13, 2026 EPSS Score

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62879 url
https://github.com/advisories/GHSA-wj3p-5h3x-c74q url
https://github.com/rancher/backup-restore-operator/security/advisories/GHSA-wj3p-5h3x-c74q url
https://nvd.nist.gov/vuln/detail/CVE-2025-62879 advisory
https://github.com/rancher/backup-restore-operator package

Open in Interactive Console →