A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories.
An attacker with regular user privileges can craft a value of the `parameters.pathPattern` parameter containing path traversal sequences (e.g., `../`). The PersistentVolumes creation mechanism does not properly filter or validate this value, causing the target volume path to be resolved outside the intended working directory. As a result, the newly created PersistentVolume can be placed anywhere in the host node's file system, including locations reserved for the operating system.
An attacker can overwrite sensitive system files on the host node or gain access to unauthorized directories, which may result in privilege escalation, system integrity violation, or permanent system compromise. The attack scope extends beyond the requesting user's environment (Scope: Changed).
Apply patches available from the vendor according to the references (https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62878 and https://github.com/advisories/GHSA-jr3w-9vfr-c746). Until the fix is implemented, restrict permissions to create PersistentVolumes only to trusted users and administrative roles.
Versions specified in the vendor's references (details available at the addresses in the references section: bugzilla.suse.com and GitHub Advisory GHSA-jr3w-9vfr-c746)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H