VDB

CVE-2025-54471

CVE-2025-54471 PUBLISHED CVSS 6.5 MEDIUM

NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data.

EPSS 0.04% · 14.0th percentile

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.04%
14.0th percentile

Affected Products

VendorProductVersions
github.comneuvector/neuvector5.3.0, 0.0.0-20230727023453-1c4957d53911
SUSEneuvector5.3.0, 0.0.0-20230727023453-1c4957d53911

Timeline

  • Oct 21, 2025 CVE Published
  • Oct 30, 2025 CVE Updated
  • Oct 30, 2025 EPSS Score
  • Oct 30, 2025 Coalition ESS Score
  • Oct 30, 2025 Coalition ESS Score
  • Oct 30, 2025 PoC Published
  • Oct 31, 2025 Coalition ESS Score
  • Nov 5, 2025 EPSS Score
  • Nov 6, 2025 Coalition ESS Score
  • Nov 10, 2025 EPSS Score
  • Nov 16, 2025 EPSS Score
  • Nov 21, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›