CVE-2025-54471

MEDIUM

NeuVector 5.3.0-5.4.6 - Use of Hard-coded Cryptographic Key

Title source: llm

Description

NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data.

References (2)

Core 2

Core References

Issue Tracking

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-54471

Vendor Advisory

https://github.com/neuvector/neuvector/security/advisories/GHSA-h773-7gf7-9m2x

Scores

CVSS v3 6.5

EPSS 0.0022

EPSS Percentile 11.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-321

Status published

Products (3)

neuvector/neuvector 5.3.0 - 5.4.7Go

SUSE/neuvector 0.0.0-20230727023453-1c4957d53911 - 0.0.0-20251020133207-084a437033b4

SUSE/neuvector 5.3.0 - 5.4.7

Published Oct 30, 2025

Tracked Since Feb 18, 2026