PatchSiren cyber security CVE debrief
CVE-2025-71261 SUSE CVE debrief
CVE-2025-71261 is a high-severity vulnerability in SUSE Harvester. It allows an attacker with network-level access between SUSE Virtualization and Rancher Manager to interfere with the TLS handshake and bypass TLS as a security control. The vulnerability has a CVSS score of 8.6 and is classified as HIGH.
- Vendor: SUSE
- Product: Harvester
- CVSS: HIGH 8.6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-16
- Original CVE updated: 2026-06-16
- Advisory published: 2026-06-16
- Advisory updated: 2026-06-16
Who should care
Users of SUSE Harvester versions prior to 1.8.0 should be aware of this vulnerability and take steps to mitigate it.
Technical summary
In SUSE Harvester before 1.8.0, an attacker with network-level access between SUSE Virtualization and Rancher Manager could interfere with the TLS handshake and abuse it to bypass TLS as a security control.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to SUSE Harvester version 1.8.0 or later.
- Implement additional security controls to monitor and restrict network access between SUSE Virtualization and Rancher Manager.
Evidence notes
The vulnerability is described in CVE-2025-71261 and has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H.
Official resources
- CVE-2025-71261 CVE record (CVE.org)
- CVE-2025-71261 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
CVE-2025-71261 was published on 2026-06-16T17:16:30.193Z and modified on 2026-06-16T17:37:16.933Z.