VDB
CVE-2025-54471
CVE-2025-54471
PUBLISHED
CVSS 6.5 MEDIUM
NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data.
EPSS 0.04% · 14.0th percentile
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.04%
14.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | neuvector/neuvector | 5.3.0, 0.0.0-20230727023453-1c4957d53911 |
| SUSE | neuvector | 5.3.0, 0.0.0-20230727023453-1c4957d53911 |
Exploit Intelligence
Timeline
- Oct 21, 2025 CVE Published
- Oct 30, 2025 CVE Updated
- Oct 30, 2025 EPSS Score
- Oct 30, 2025 Coalition ESS Score
- Oct 30, 2025 Coalition ESS Score
- Oct 30, 2025 PoC Published
- Oct 31, 2025 Coalition ESS Score
- Nov 5, 2025 EPSS Score
- Nov 6, 2025 Coalition ESS Score
- Nov 10, 2025 EPSS Score
- Nov 16, 2025 EPSS Score
- Nov 21, 2025 EPSS Score
References
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-54471 url
- https://github.com/neuvector/neuvector/security/advisories/GHSA-h773-7gf7-9m2x url
- https://nvd.nist.gov/vuln/detail/CVE-2025-54471 advisory
- https://github.com/neuvector/neuvector/commit/084a437033b491eeea11bdba1a09dd84ed12ea88 url
- https://github.com/neuvector/neuvector package