CVE-2025-62877

CRITICAL

9.8

Description

Projects using the SUSE Virtualization (Harvester) environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is utilized along with the Harvester configuration setup.

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published1/8/2026

Last Modified1/8/2026

Sourcenvd

Honeypot Sightings0

Weaknesses (CWE)

CWE-1188

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62877(meissner@suse.de)

https://github.com/harvester/harvester/security/advisories/GHSA-6g8q-hp2j-gvwv(meissner@suse.de)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.