CVE-2025-62878
Published: 25 February 2026
Summary
CVE-2025-62878 is a critical-severity Relative Path Traversal (CWE-23) vulnerability affecting a SUSE product (vendor inferred from the references). Its CVSS base score is 9.9 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Escape to Host (T1611). It ranks at the 43.2nd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-62878, published on 2026-02-25, is a critical vulnerability (CVSS 9.9, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) mapped to CWE-23 (Relative Path Traversal). It enables a malicious user to manipulate the parameters.pathPattern parameter when creating PersistentVolumes, allowing these volumes to be placed in arbitrary locations on the host node. This can lead to overwriting sensitive files or gaining access to unintended directories on the host filesystem.
The vulnerability can be exploited by an attacker with low privileges (PR:L), such as an authenticated user in the affected environment with permissions to create PersistentVolumes. Exploitation occurs over the network with low attack complexity and no user interaction required, resulting in a scope change that grants high-impact access to confidentiality, integrity, and availability on the host node. Successful attacks allow arbitrary file manipulation on the host, potentially escalating control beyond container boundaries.
Mitigation details are available in advisories from SUSE Bugzilla (https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62878) and GitHub (https://github.com/advisories/GHSA-jr3w-9vfr-c746), which likely include patches and workarounds for affected components handling PersistentVolumes.
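The input-validation control mentioned below can be illustrated with a small confinement check. This is an added example, not code from the affected project (whose handling of parameters.pathPattern is not shown on this page); the function name ValidatePathPattern and the base directory are assumptions, and the check is lexical only, so a real provisioner must still resolve symlinks on the host before creating anything.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ValidatePathPattern confines a user-supplied path pattern (such as the
// parameters.pathPattern value carried by a PersistentVolume request) to the
// operator-configured baseDir on the node. It returns the cleaned absolute
// path when the pattern is acceptable and an error otherwise.
//
// Checks performed (lexical only; resolve symlinks on the real filesystem
// before use):
//   - the pattern must be relative, since an absolute one would replace baseDir
//   - after joining and cleaning, the result must still sit under baseDir,
//     which rejects "../" sequences wherever they appear in the pattern
//   - the result must not be baseDir itself, so a volume cannot claim the parent
func ValidatePathPattern(baseDir, pattern string) (string, error) {
	if !filepath.IsAbs(baseDir) {
		return "", errors.New("baseDir must be absolute")
	}
	if pattern == "" {
		return "", errors.New("empty pathPattern")
	}
	if filepath.IsAbs(pattern) {
		return "", fmt.Errorf("absolute pathPattern rejected: %q", pattern)
	}
	base := filepath.Clean(baseDir)
	full := filepath.Join(base, pattern) // Join cleans, collapsing ".." lexically
	rel, err := filepath.Rel(base, full)
	if err != nil {
		return "", err
	}
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("pathPattern %q escapes %s", pattern, base)
	}
	return full, nil
}

func main() {
	const base = "/var/lib/example-provisioner" // constructed example base directory
	for _, p := range []string{"pvc-1", "pvc-1/data", "../../etc", "/etc/shadow", "a/../../.."} {
		got, err := ValidatePathPattern(base, p)
		fmt.Printf("%-14q -> %q, err=%v\n", p, got, err)
	}
}
```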
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208110
Vulnerability details
A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal in PersistentVolume creation enables direct host filesystem write/access from container context (T1611 container escape) and subsequent privilege escalation on the node (T1068).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly addresses path traversal by requiring validation of the parameters.pathPattern input to block relative path sequences such as '../'.
- AC-6 (Least Privilege): restricts PersistentVolume creation permissions to only the users who need them, blocking low-privilege (PR:L) exploitation.
- Flaw remediation: removes the specific flaw in PersistentVolume path handling through timely patching, as advised in the vendor sources.