CVE-2025-53884 — Vulnetix

CVE-2025-53884 PUBLISHED CVSS 5.300000190734863 MEDIUM

NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack (offline attack where hashes of known passwords are precomputed).

EPSS 0.02% · 7.4th percentile

Risk Scores

CVSS v3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Score

0.02%

7.4th percentile

Affected Products

Vendor	Product	Versions
SUSE	neuvector	5.0.0
github.com	neuvector/neuvector	5.0.0

Timeline

Aug 28, 2025 CVE Published
Sep 17, 2025 PoC Published
Sep 18, 2025 EPSS Score
Sep 25, 2025 EPSS Score
Oct 2, 2025 EPSS Score
Oct 4, 2025 Coalition ESS Score
Oct 6, 2025 Coalition ESS Score
Oct 9, 2025 EPSS Score
Oct 16, 2025 EPSS Score
Oct 20, 2025 Coalition ESS Score
Oct 23, 2025 EPSS Score
Oct 26, 2025 Coalition ESS Score

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-53884 url
https://github.com/neuvector/neuvector/security/advisories/GHSA-8ff6-pc43-jwv3 url
https://nvd.nist.gov/vuln/detail/CVE-2025-53884 advisory
https://github.com/neuvector/neuvector package

Open in Interactive Console →