CVE-2025-54471

medium

Description

NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data.

References

https://github.com/neuvector/neuvector/security/advisories/GHSA-h773-7gf7-9m2x

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-54471

Details

Source: Mitre, NVD

Published: 2025-10-30

Updated: 2025-10-30

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N