Critical severity9.8NVD Advisory· Published Jan 8, 2026· Updated Apr 15, 2026
CVE-2025-62877
CVE-2025-62877
Description
Projects using the SUSE Virtualization (Harvester) environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is utilized along with the Harvester configuration setup.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/harvester/harvester-installerGo | >= 1.6.0, <= 1.6.1 | — |
github.com/harvester/harvester-installerGo | >= 1.5.0, <= 1.5.2 | — |
Affected products
2- ghsa-coords2 versionspkg:golang/github.com/harvester/harvester-installerpkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6
>= 1.6.0, <= 1.6.1+ 1 more
- (no CPE)range: >= 1.6.0, <= 1.6.1
- (no CPE)range: < 0.0.20260114T191543-150000.1.137.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.