CVE-2025-62878 CRITICAL

CVE-2025-62878: Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern

Vendor Suse

Product Rancher

Weakness CWE-23

Published February 25, 2026

Last update February 26, 2026

View on NVD All CVEs

CVSS base score

9.9/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories.

Key dates

02Disclosure timeline

February 25, 2026 CVE published

February 26, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-62878 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/23.html

Related vulnerabilities

CVE-2025-62878: Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern

01Description

02Disclosure timeline

03References

04Related CVE