Cyber Resilience

CVE-2025-62878

Critical

Published: 25 February 2026
Modified: 15 April 2026
KEV: not listed
Patch: see vendor references (SUSE Bugzilla, GitHub advisory)
CVSS v3.1: 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS: 0.0058 (43.2nd percentile)
Risk Priority: 70 (floored blend, peak EPSS)

Summary

CVE-2025-62878 is a critical-severity Relative Path Traversal (CWE-23) vulnerability in a SUSE product (vendor inferred from the references; NVD has not filed a CPE). Its CVSS v3.1 base score is 9.9 (Critical).

Operationally, exploitation maps to the MITRE ATT&CK technique Escape to Host (T1611). EPSS ranks it at the 43.2nd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-62878, published on 2026-02-25, is a critical vulnerability (CVSS 9.9, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) mapped to CWE-23 (Relative Path Traversal). A malicious user can supply a crafted parameters.pathPattern value when creating PersistentVolumes so that the volume's backing directory is placed at an arbitrary location on the host node. Because the path is not confined to the provisioner's intended base directory, this can overwrite sensitive host files or expose directories that were never meant to be reachable from a volume.

The vulnerability can be exploited by an attacker with low privileges (PR:L), such as an authenticated user in the affected environment with permissions to create PersistentVolumes. Exploitation occurs over the network with low attack complexity and no user interaction required, resulting in a scope change that grants high-impact access to confidentiality, integrity, and availability on the host node. Successful attacks allow arbitrary file manipulation on the host, potentially escalating control beyond container boundaries.
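The path-construction flaw described above, shown as an added Go example that is not code from the affected project or from the advisory: the "before" form trusts parameters.pathPattern and simply joins it under a base directory, so filepath.Join honours the "../" segments and the result lands anywhere on the node; the hardened form validates the pattern after the PVC namespace and name are substituted, rejects absolute paths and parent-directory segments, and then confirms the cleaned path is a strict subdirectory of the base. The base directory, the placeholder syntax, and all function names are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// baseDir is an assumed per-node root under which a local-path provisioner
// creates volume directories. The real component's root is not stated on
// this page; the value here exists only for the example.
const baseDir = "/opt/local-path-provisioner"

// ErrPathEscapesBase is returned when an expanded pattern would leave baseDir.
var ErrPathEscapesBase = errors.New("pathPattern resolves outside the base directory")

// expandPattern substitutes the PVC namespace and name into a pattern.
// The placeholder syntax is an assumption for this example, not the
// affected project's template syntax.
func expandPattern(pattern, namespace, name string) string {
	return strings.NewReplacer("{namespace}", namespace, "{name}", name).Replace(pattern)
}

// vulnerableHostPath is the "before" form: it trusts the pattern entirely.
// filepath.Join cleans the joined path, so "../" segments are resolved and
// the returned location can be anywhere on the node.
func vulnerableHostPath(pattern, namespace, name string) string {
	return filepath.Join(baseDir, expandPattern(pattern, namespace, name))
}

// safeHostPath is the hardened form. It validates the pattern after
// substitution, so a hostile value in either the pattern or the substituted
// names is caught, and it checks that the cleaned path is strictly below baseDir.
func safeHostPath(pattern, namespace, name string) (string, error) {
	expanded := expandPattern(pattern, namespace, name)
	if expanded == "" {
		return "", errors.New("pathPattern must not be empty")
	}
	if filepath.IsAbs(expanded) {
		return "", fmt.Errorf("pathPattern must be relative, got %q", expanded)
	}
	// Reject parent-directory segments outright, before any cleaning, so a
	// pattern such as "a/../../b" never reaches the join.
	for _, seg := range strings.Split(filepath.ToSlash(expanded), "/") {
		if seg == ".." {
			return "", ErrPathEscapesBase
		}
	}
	full := filepath.Join(baseDir, expanded)
	// Defence in depth: the cleaned path must still be a strict subdirectory of baseDir.
	rel, err := filepath.Rel(baseDir, full)
	if err != nil || rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrPathEscapesBase
	}
	// Not shown here: when the directory is actually created on the node,
	// resolve symlinks (filepath.EvalSymlinks) and re-check, since a link
	// placed under baseDir could otherwise redirect the write.
	return full, nil
}

func main() {
	// Constructed inputs: a benign pattern, a traversal payload in the
	// pattern, a traversal payload smuggled in via the substituted name,
	// and an absolute path.
	cases := []struct{ pattern, ns, name string }{
		{"{namespace}/{name}", "default", "data"},
		{"../../etc/cron.d/{name}", "default", "pwn"},
		{"{namespace}/{name}", "default", "../../etc/shadow"},
		{"/etc/{name}", "default", "x"},
	}
	for _, c := range cases {
		fmt.Printf("pattern=%q name=%q\n", c.pattern, c.name)
		fmt.Printf("  vulnerable: %s\n", vulnerableHostPath(c.pattern, c.ns, c.name))
		if p, err := safeHostPath(c.pattern, c.ns, c.name); err != nil {
			fmt.Printf("  hardened:   rejected (%v)\n", err)
		} else {
			fmt.Printf("  hardened:   %s\n", p)
		}
	}
}
```

Validating after substitution matters: Kubernetes object names cannot normally contain "/" or "..", but the check should not depend on that, and a pattern that is harmless on its own can still become a traversal once values are filled in. The final filepath.Rel check is deliberately redundant with the segment scan; it catches any cleaning behaviour the scan did not anticipate.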

Mitigation details are in the SUSE Bugzilla entry (https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62878) and the GitHub advisory (https://github.com/advisories/GHSA-jr3w-9vfr-c746); consult them for the fixed versions and any workarounds for the component that handles PersistentVolume path patterns.

Vulnerability details

A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories.

CWE(s)

CWE-23 Relative Path Traversal

Related Threats

MITRE ATT&CK Enterprise Techniques

T1611 Escape to Host (tactic: Privilege Escalation)
Adversaries may break out of a container or virtualized environment to gain access to the underlying host.
T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Path traversal in PersistentVolume creation enables direct host filesystem write/access from container context (T1611 container escape) and subsequent privilege escalation on the node (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-32725 (shared CWE-23)
CVE-2024-54449 (shared CWE-23)
CVE-2026-8361 (shared CWE-23)
CVE-2026-30345 (shared CWE-23)
CVE-2026-29778 (shared CWE-23)
CVE-2025-25130 (shared CWE-23)
CVE-2026-43616 (shared CWE-23)
CVE-2026-2818 (shared CWE-23)
CVE-2026-8073 (shared CWE-23)
CVE-2026-33733 (shared CWE-23)

Affected Assets

Suse
Vendor inferred from the references and description; NVD did not file a CPE for this CVE.

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)

Directly addresses path traversal by requiring validation of the parameters.pathPattern input to block relative path sequences such as '../' and to confine the resulting path to the provisioner's base directory.

AC-6 Least Privilege (prevent)

Enforces least privilege by restricting PersistentVolume creation permissions to only the users that need them, removing the low-privilege (PR:L) foothold the attack requires.

Flaw remediation via vendor patch (prevent)

Remediates the specific flaw in PersistentVolume path handling through timely patching as advised in the vendor sources.

References