CVE-2025-62878

CRITICAL

Rancher local-path-provisioner < 0.0.34 - Path Traversal via pathPattern Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-62878. PoCs published by kinokopio.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2025-62878, a path traversal vulnerability in rancher/local-path-provisioner. The exploit uses malicious Kubernetes YAML files to create a StorageClass with a path traversal payload, allowing access to sensitive host files like Kubernetes PKI certificates.

Description

A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories.

Exploits (1)

nomisec · Working PoC · 1 star
by kinokopio · poc
https://github.com/kinokopio/CVE-2025-62878


Classification
Working PoC 100%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: rancher/local-path-provisioner v0.0.27 ~ v0.0.32
Auth required
Prerequisites: Kubernetes cluster with admin privileges · Vulnerable version of rancher/local-path-provisioner installed
Analyzed by devstral-2 on Apr 28, 2026

References (2)


Scores

CVSS v3 9.9
EPSS 0.0003
EPSS Percentile 9.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-23
Status published
Products (2)
rancher/local-path-provisioner 0 - 0.0.34 (Go)
SUSE/Rancher < 0.0.34
Published Feb 25, 2026
Tracked Since Feb 25, 2026