NeuVector is shipping cryptographic material into its binary_CVE-2025-54471

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Description

NeuVector used a hard-coded cryptographic key embedded in the source
code. At compilation time, the key value was replaced with the secret
key value and used to encrypt sensitive configurations when NeuVector
stores the data.

Basic Information

ID CVE-2025-54471

Source suse

Published Oct 30, 2025 at 09:45

Modified Oct 30, 2025 at 13:59

Affected Product

Vendor SUSE

Product neuvector

Version 5.3.0

Affected Versions SUSE neuvector 5.3.0
SUSE neuvector 0.0.0-20230727023453-1c4957d53911

CWE Classification

CWE-321

References

{
    "lastseen": "",
    "description": "NeuVector used a hard-coded cryptographic key embedded in the source \ncode. At compilation time, the key value was replaced with the secret \nkey value and used to encrypt sensitive configurations  when NeuVector \nstores the data.",
    "published": "2025-10-30T09:45:56.931Z",
    "modified": "2025-10-30T13:59:54.426Z",
    "type": "cve",
    "title": "NeuVector is shipping cryptographic material into its binary",
    "source": "suse",
    "references": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-54471\nhttps://github.com/neuvector/neuvector/security/advisories/GHSA-h773-7gf7-9m2x",
    "id": "CVE-2025-54471",
    "bulletinFamily": "",
    "cwe": [
        "CWE-321"
    ],
    "cvelist": null,
    "sourceData": "SUSE neuvector 5.3.0\nSUSE neuvector 0.0.0-20230727023453-1c4957d53911",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "neuvector",
    "version": "5.3.0",
    "vendor": "SUSE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}