CVE-2025-62877

Summary

Projects using the SUSE Virtualization (Harvester) environment may expose the OS default ssh login password  if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is utilized along with the Harvester configuration setup.

Affected Software

VendorProductVersion RangeStatus
SUSEharvester1.6.0affected
SUSEharvester1.5.0affected

Weaknesses

  • CWE-1188: CWE-1188: Initialization of a Resource with an Insecure Default

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References