CVE-2025-62878 - Vulnerability Analysis
CriticalCVSS: 9.9Last Updated: February 25, 2026
Unknown Product - Path Traversal
Published: February 25, 2026Updated: February 25, 2026PoC AvailableRemote Exploitable
Overview
A product contains a path traversal caused by manipulation of parameters.pathPattern, letting attackers create PersistentVolumes in arbitrary host locations, potentially overwriting sensitive files or accessing unintended directories, exploit requires no special privileges.
Severity & Score
Severity: Critical
CVSS Score: 9.9
Impact
Attackers can overwrite sensitive files or access unintended directories on the host, risking data integrity and confidentiality.
Mitigation
Update to the latest version or apply vendor patches addressing path traversal in PersistentVolumes.
References
Related Resources
Details
- CVE ID
- CVE-2025-62878
- Severity
- Critical
- CVSS Score
- 9.9
- Type
- path_traversal
- Status
- new
CWE
- CWE-23
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H