Home

Description

NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data.

PUBLISHED Reserved 2025-07-23 | Published 2025-10-30 | Updated 2025-10-30 | Assigner suse




MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-321: Use of Hard-coded Cryptographic Key

Product status

Default status
unaffected

5.3.0 (semver) before 5.4.7
affected

0.0.0-20230727023453-1c4957d53911 (semver) before 0.0.0-20251020133207-084a437033b4
affected

References

bugzilla.suse.com/show_bug.cgi?id=CVE-2025-54471

github.com/...vector/security/advisories/GHSA-h773-7gf7-9m2x

cve.org (CVE-2025-54471)

nvd.nist.gov (CVE-2025-54471)

Download JSON