CVE-2025-8077
BaseFortify
Publication date: 2025-09-17
Last updated on: 2025-09-17
Assigner: SUSE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| neuvector | neuvector | 5.4.6 |
| neuvector | neuvector | 5.0.0 |
| neuvector | neuvector | 5.4.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1393 | The product uses default passwords for potentially critical functionality. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in NeuVector versions up to and including 5.4.5, where the built-in 'admin' account uses a fixed default password. If this password is not changed immediately after deployment, any workload with network access within the cluster can use these default credentials to obtain an authentication token. This token allows the attacker to perform any operation via NeuVector APIs.
How can this vulnerability impact me? :
If exploited, this vulnerability allows an attacker with network access within the cluster to gain unauthorized administrative access to NeuVector by using the default 'admin' password. The attacker can then perform any operation via NeuVector APIs, potentially leading to full compromise of the system's security, including confidentiality, integrity, and availability.
What immediate steps should I take to mitigate this vulnerability?
Immediately change the default password for the built-in 'admin' account after deployment to prevent unauthorized access using the fixed default password.