CVE-2025-66001

high

Description

NeuVector supports login authentication through OpenID Connect. However, TLS certificate verification (which checks the remote server's authenticity and the integrity of the connection) for OpenID Connect is not enforced by default. As a result, the system may be exposed to man-in-the-middle (MITM) attacks.

References

https://github.com/neuvector/neuvector/security/advisories/GHSA-4jj9-cgqc-x9h5

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-66001

Details

Source: Mitre, NVD

Published: 2026-01-08

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00049