Home > Vulnerability Database > CVE-2025-62877

Mend.io Vulnerability Database

CVE-2025-62877

Good to know:

Date: January 8, 2026

Projects using the SUSE Virtualization (Harvester) environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is utilized along with the Harvester configuration setup.

Severity Score

9.8

Related Resources (5)

Url: https://github.com/harvester/harvester

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-62877

Url: https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62877

Url: https://github.com/harvester/harvester/security/advisories/GHSA-6g8q-hp2j-gvwv

Url: https://www.mend.io/vulnerability-database/CVE-2025-62877

Severity Score

9.8

Weakness Type (CWE)

Initialization of a Resource with an Insecure Default

CWE-1188

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-62877

Good to know:

Date: January 8, 2026

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?