CVE-2025-62878

Summary

A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories.

Affected Software

VendorProductVersion RangeStatus
SUSERancher0 < 0.0.34affected

Weaknesses

  • CWE-23: CWE-23: Relative Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References