CVE-2025-54471

MEDIUM

NeuVector - Info Disclosure

Title source: llm

Description

NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data.

References (2)

[Issue Tracking] https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-54471

[Vendor Advisory] https://github.com/neuvector/neuvector/security/advisories/GHSA-h773-7gf7-9m2x

Scores

CVSS v3 6.5

EPSS 0.0004

EPSS Percentile 12.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-321

Status published

Products (3)

neuvector/neuvector 5.3.0 - 5.4.7Go

SUSE/neuvector 0.0.0-20230727023453-1c4957d53911 - 0.0.0-20251020133207-084a437033b4

SUSE/neuvector 5.3.0 - 5.4.7

Published Oct 30, 2025

Tracked Since Feb 18, 2026