CVE-2025-8077

CRITICAL

9.8

Beschreibung

A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in `admin` account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the default credentials to obtain an authentication token. This token can then be used to perform any operation via NeuVector APIs.

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht9/17/2025

Zuletzt geandert9/17/2025

Quellenvd

Honeypot-Sichtungen0

Schwachen (CWE)

CWE-1393

Referenzen

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-8077(meissner@suse.de)

https://github.com/neuvector/neuvector/security/advisories/GHSA-8pxw-9c75-6w56(meissner@suse.de)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.