CVE-2025-62878Relative Path Traversal in Rancher

CWE-23Relative Path Traversal7 documents6 sources
Severity
9.9CRITICALNVD
EPSS
0.0%
top 92.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Suse RancherGithub.com Rancher Local-path-provisioner
Timeline
PublishedFeb 25

Description

A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages2 packages

CVEListV5suse/rancher< 0.0.34

🔴Vulnerability Details

4
CVEList
Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern2026-02-25
OSV
Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern in github.com/rancher/local-path-provisioner2026-02-05
OSV
Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern2026-02-04
GHSA
Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern2026-02-04

📋Vendor Advisories

1
Microsoft
Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern2026-02-10

🕵️Threat Intelligence

1
Wiz
CVE-2025-62878 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-62878 — Relative Path Traversal in Rancher | cvebase