Description

Projects using the SUSE Virtualization (Harvester) environment may expose the OS default SSH login password if they use the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is used together with the Harvester configuration setup.

PUBLISHED | Reserved 2025-10-24 | Published 2026-01-08 | Updated 2026-01-08 | Assigner: suse




CRITICAL: 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-1188: Initialization of a Resource with an Insecure Default

Product status

Default status
unaffected

1.6.0 (semver)
affected

1.5.0 (semver)
affected

References

bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62877

github.com/...vester/security/advisories/GHSA-6g8q-hp2j-gvwv

cve.org (CVE-2025-62877)

nvd.nist.gov (CVE-2025-62877)
