Description

A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in `admin` account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the default credentials to obtain an authentication token. This token can then be used to perform any operation via NeuVector APIs.

PUBLISHED Reserved 2025-07-23 | Published 2025-09-17 | Updated 2025-09-18 | Assigner suse




CRITICAL: 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-1393: Use of Default Password

Product status

Default status: unaffected

5.0.0 (semver) before 5.4.6: affected

References

bugzilla.suse.com/show_bug.cgi?id=CVE-2025-8077

github.com/...vector/security/advisories/GHSA-8pxw-9c75-6w56

cve.org (CVE-2025-8077)

nvd.nist.gov (CVE-2025-8077)
