VDB
CVE-2025-66001
CVE-2025-66001
PUBLISHED
CVSS 8.800000190734863 HIGH
NeuVector supports login authentication through OpenID Connect. However, the TLS verification (which verifies the remote server's authenticity and integrity) for OpenID Connect is not enforced by default. As a result this may expose the system to man-in-the-middle (MITM) attacks.
EPSS 0.02% · 5.1th percentile
Risk Scores
CVSS v3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.02%
5.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SUSE | neuvector | 5.3.0 |
| github.com | neuvector/neuvector | 5.3.0 |
Timeline
- Dec 12, 2025 CVE Published
- Jan 8, 2026 CVE Updated
- Jan 8, 2026 EPSS Score
- Jan 8, 2026 PoC Published
- Jan 8, 2026 PoC Published
- Jan 8, 2026 PoC Published
- Jan 11, 2026 EPSS Score
- Jan 14, 2026 EPSS Score
- Jan 17, 2026 EPSS Score
- Jan 21, 2026 EPSS Score
- Jan 24, 2026 EPSS Score
- Jan 27, 2026 EPSS Score
References
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-66001 url
- https://github.com/neuvector/neuvector/security/advisories/GHSA-4jj9-cgqc-x9h5 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-66001 advisory
- https://github.com/neuvector/neuvector/commit/955904b5762f296d209bf395a5fcc7a40a53c424 url
- https://github.com/neuvector/neuvector package