CVE-2025-8077
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-17

Last updated on: 2025-09-17

Assigner: SUSE

Description
A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in `admin` account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the default credentials to obtain an authentication token. This token can then be used to perform any operation via NeuVector APIs.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-17
Last Modified
2025-09-17
Generated
2026-06-16
AI Q&A
2025-09-17
EPSS Evaluated
2026-06-14
NVD
CVE-2025-8077
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
neuvector neuvector 5.4.6
neuvector neuvector 5.0.0
neuvector neuvector 5.4.5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1393 The product uses default passwords for potentially critical functionality.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in NeuVector versions up to and including 5.4.5, where the built-in 'admin' account uses a fixed default password. If this password is not changed immediately after deployment, any workload with network access within the cluster can use these default credentials to obtain an authentication token. This token allows the attacker to perform any operation via NeuVector APIs.

Impact Analysis

If exploited, this vulnerability allows an attacker with network access within the cluster to gain unauthorized administrative access to NeuVector by using the default 'admin' password. The attacker can then perform any operation via NeuVector APIs, potentially leading to full compromise of the system's security, including confidentiality, integrity, and availability.

Mitigation Strategies

Immediately change the default password for the built-in 'admin' account after deployment to prevent unauthorized access using the fixed default password.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-8077. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart