How to fix CVE-2025-62878?

Within 24 hours: Audit all persistent volume claims and storage classes for suspicious pathPattern configurations; isolate affected clusters from production traffic if possible. Within 7 days: Implement network segmentation to restrict pod-to-node communication; enable audit logging for all storage API calls; brief security and DevOps teams on the vulnerability. Within 30 days: Monitor for vendor patch availability; evaluate Kubernetes cluster upgrades or migration strategies; conduct forensic analysis of persistent volumes for unauthorized modifications.

Is Suse affected by CVE-2025-62878?

CVE-2025-62878 is a critical vulnerability affecting Kubernetes persistent volume management that allows attackers to write arbitrary files to host nodes, potentially compromising system integrity and sensitive data.

CVE-2025-62878

CRITICAL

2026-02-25 [email protected]

GHSA-jr3w-9vfr-c746

9.9

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Feb 25, 2026 - 11:16 nvd

CRITICAL 9.9

Description

A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories.

Analysis

Path traversal in Kubernetes PersistentVolume creation via pathPattern parameter allows creating volumes in arbitrary host filesystem locations. CVSS 9.9 with scope change.

Technical Context

CWE-23 relative path traversal. The parameters.pathPattern field in PersistentVolume specs can be manipulated to create volumes at arbitrary host paths.

Affected Products

['Affected Kubernetes storage provisioner']

Remediation

Update the storage provisioner. Implement path validation for pathPattern. Use PodSecurityPolicies/Standards to restrict volume mounts.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +50

POC: 0

Vendor Status

CVE-2025-62878 vulnerability details – vuln.today

Back

CVE-2025-62878

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

CVE-2025-62878

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

External POC / Exploit Code