CVE-2025-62877 · CRITICAL 9.8 · EPSS p37.1%

CVE-2025-62877

Description

Projects using the SUSE Virtualization (Harvester) environment may expose the OS default SSH login password if they use the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is used together with the Harvester configuration setup.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.47% probability of exploitation · percentile 37.1% · 2026-06-19T12:03:05Z
Published: 2026-01-08
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-1188

References

  1. https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62877
  2. https://github.com/harvester/harvester/security/advisories/GHSA-6g8q-hp2j-gvwv

Type | Target | Confidence | Tier
Weakness | Initialization of a Resource with an Insecure Default (cwe-1188) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-11625
  2. CVE-2025-23389
  3. CVE-2025-46811
  4. CVE-2025-1393
  5. CVE-2025-1960
  6. CVE-2025-52159

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.