CVE-2025-62877
SUSE · Harvester
The SUSE Harvester interactive installer exposes the OS default SSH login password during cluster creation or host addition.
Executive summary
A critical vulnerability in the SUSE Harvester interactive installer exposes default SSH credentials, potentially allowing unauthorized administrative access to virtualization hosts.
Vulnerability
The interactive installer handles the OS-level default SSH login password insecurely, exposing it while a cluster is being created or a host is being added. An unauthenticated attacker positioned to observe the installer during deployment or scaling can recover the password and use it to log in to the node over SSH. Hosts provisioned through PXE boot are not affected, since that path does not use the interactive installer.
Business impact
Exposure of the default SSH password gives anyone who can reach a node's SSH service administrative control over the underlying virtualization host. The flaw carries a CVSS score of 9.8: a successful login can lead to complete compromise of the node, unauthorized access to the data of virtual machines running on it, and lateral movement to other nodes and networks reachable from the host.
Remediation
Immediate Action: Upgrade to a SUSE Harvester release that includes the fix for this issue. On existing installations, rotate the OS SSH login password on every node immediately, since a password exposed during installation remains valid until it is changed.
Proactive Monitoring: Review SSH authentication logs (sshd) on every node for password-based logins, logins to the default OS account, and logins from addresses outside the expected administrative ranges, including those originating from internal network segments.
Compensating Controls: Restrict management network access to the Harvester nodes to trusted administrative IPs only, and prefer key-based SSH authentication over passwords where it is configured. This narrows the exposure until every node has been upgraded and its password rotated.
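The log review above can be scripted. The following is an added example, not code from the Harvester project: it parses standard OpenSSH "Accepted ... for ... from ..." lines and flags any login that used a password or that came from outside a hypothetical trusted administrative network. The log lines, the account name `rancher`, and the `10.0.100.0/24` allow-list are constructed for this example.

```python
"""Flag risky SSH logins on Harvester nodes from sshd log lines.

Added example (not Harvester project code). Assumes the standard OpenSSH
log format "Accepted <method> for <user> from <ip> port <port>"; the
trusted network and sample log below are assumptions for illustration.
"""
import ipaddress
import re
from typing import Iterable, List, Dict

# Matches successful OpenSSH logins; "Failed ..." lines are ignored on purpose.
SSH_ACCEPT = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>[\d.:a-fA-F]+) port (?P<port>\d+)"
)

# Hypothetical trusted administrative range (assumption, not a Harvester default).
TRUSTED_ADMIN_NETS = [ipaddress.ip_network("10.0.100.0/24")]

# Constructed sample log; the addresses and account name are illustrative only.
SAMPLE_LOG = """\
Jan 12 09:14:02 harvester-node-1 sshd[2311]: Accepted publickey for rancher from 10.0.100.5 port 51234 ssh2: ED25519 SHA256:abc
Jan 12 09:20:45 harvester-node-1 sshd[2378]: Accepted password for rancher from 10.0.200.17 port 40112 ssh2
Jan 12 09:21:03 harvester-node-1 sshd[2379]: Failed password for rancher from 10.0.200.17 port 40113 ssh2
Jan 12 09:25:10 harvester-node-1 sshd[2402]: Accepted password for rancher from 10.0.100.5 port 51300 ssh2
Jan 12 09:30:00 harvester-node-1 sshd[2450]: Accepted publickey for rancher from 192.168.77.9 port 60000 ssh2: ED25519 SHA256:def
"""


def find_suspicious_logins(lines: Iterable[str],
                           trusted=TRUSTED_ADMIN_NETS) -> List[Dict[str, object]]:
    """Return one finding per accepted login that either used a password
    (the credential this CVE exposes) or came from outside the trusted
    admin networks, whatever the authentication method."""
    findings: List[Dict[str, object]] = []
    for line in lines:
        m = SSH_ACCEPT.search(line)
        if not m:
            continue
        addr = ipaddress.ip_address(m["ip"])
        from_trusted = any(addr in net for net in trusted)
        if m["method"] == "password" or not from_trusted:
            findings.append({
                "user": m["user"],
                "ip": m["ip"],
                "method": m["method"],
                "trusted_source": from_trusted,
                "line": line,
            })
    return findings


def password_logins_per_user(lines: Iterable[str]) -> Dict[str, int]:
    """Count password-based logins per account; a non-zero count for the
    default OS account after installation is worth a closer look."""
    counts: Dict[str, int] = {}
    for line in lines:
        m = SSH_ACCEPT.search(line)
        if m and m["method"] == "password":
            counts[m["user"]] = counts.get(m["user"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in find_suspicious_logins(SAMPLE_LOG.splitlines()):
        flag = "untrusted source" if not f["trusted_source"] else "password auth"
        print(f"{flag:16} {f['user']}@{f['ip']} via {f['method']}")
    print(password_logins_per_user(SAMPLE_LOG.splitlines()))
```

On a real node, feed the script the output of `journalctl -u sshd` (or the distribution's auth log) instead of `SAMPLE_LOG`, and replace the allow-list with the management ranges actually in use. Password logins from a trusted address are still reported, because the point of the rotation step is that no password login should succeed with the pre-rotation credential at all.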
Exploitation status
Public Exploit Available: No
Analyst recommendation
Given the severity of the credential exposure, immediate intervention is required. Organizations that deployed or expanded clusters with an affected version of the interactive installer should treat the default SSH password on those nodes as compromised: rotate it, upgrade the platform, and review SSH access to the nodes before assuming no unauthorized administrative access has occurred.