CVE-2025-54471

Summary

NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data.

Affected Software

VendorProductVersion RangeStatus
SUSEneuvector5.3.0 < 5.4.7affected
SUSEneuvector0.0.0-20230727023453-1c4957d53911 < 0.0.0-20251020133207-084a437033b4affected

Weaknesses

  • CWE-321: CWE-321: Use of Hard-coded Cryptographic Key

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References