← Volver a CVEs
CVE-2025-8077
CRITICAL9.8
Descripcion
A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in `admin` account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the default credentials to obtain an authentication token. This token can then be used to perform any operation via NeuVector APIs.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado9/17/2025
Ultima modificacion9/17/2025
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-1393
Referencias
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-8077(meissner@suse.de)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.